The AIX root accounts home directory must not have an extended ACL.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-215199 | SRG-OS-000480-GPOS-00230 | AIX7-00-001040 | SV-215199r991592_rule | 2024-08-16 | 3 |
| Description |
|---|
| Excessive permissions on root home directories allow unauthorized access to root user files. |
| ℹ️ Check |
|---|
| Verify the "root" account's home directory has no extended ACL using command: # aclget ~root * * ACL_type AIXC * attributes: base permissions owner(root): rwx group(system): --- others: --- extended permissions disabled If extended permissions are enabled, the directory has an extended ACL, and this is a finding. |
| ✔️ Fix |
|---|
| Remove the extended ACL from the "root" account's home directory using command: # acledit ~root Change extended attributes to disabled. |