The AIX root accounts home directory must not have an extended ACL.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-215199 | SRG-OS-000480-GPOS-00230 | AIX7-00-001040 | SV-215199r991592_rule | 2026-02-06 | 3 |
Description
Excessive permissions on root home directories allow unauthorized access to root user files.
ℹ️ Check
Verify the "root" account's home directory has no extended ACL using command:
# aclget ~root
*
* ACL_type AIXC
*
attributes:
base permissions
owner(root): rwx
group(system): ---
others: ---
extended permissions
disabled
If extended permissions are enabled, the directory has an extended ACL, and this is a finding.
✔️ Fix
Remove the extended ACL from the "root" account's home directory using command:
# acledit ~root
Change extended attributes to disabled.