All AIX interactive users home directories must be group-owned by the home directory owner primary group.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-215277 | SRG-OS-000480-GPOS-00230 | AIX7-00-002086 | SV-215277r991592_rule | 2024-08-16 | 3 |
| Description |
|---|
| If the Group Identifier (GID) of the home directory is not the same as the GID of the user, this would allow unauthorized access to files. |
| ℹ️ Check |
|---|
| Check the group ownership for each user in the "/etc/passwd" file using command: # cut -d: -f6 /etc/passwd | xargs ls -lLd drwxr-xr-x 21 root system 4096 Jan 29 09:58 / drwxr-xr-x 4 bin bin 45056 Jan 24 12:31 /bin drwxr-xr-x 2 doejohn staff 256 Jan 25 13:18 /home/doejohn drwxr-xr-x 2 sshd system 256 Aug 11 2017 /home/srvproxy drwx------ 2 root system 256 Jan 30 12:54 /root drwxrwxr-x 4 bin bin 256 Mar 23 2017 /usr/sys drwxrwxr-x 15 root adm 4096 Jan 24 12:26 /var/adm drwxr-xr-x 6 root system 4096 Jan 24 07:34 /var/adm/invscout drwxr-xr-x 8 esaadmin system 256 Jan 24 09:02 /var/esa If any user's home directory is not group-owned by the assigned user's primary group, this is a finding. Home directories for application accounts requiring different group ownership must be documented using site-defined procedures. |
| ✔️ Fix |
|---|
| Change the group owner for users home directories to the primary group of the assigned user: # chgrp <groupname> <directoryname> (Replace examples with appropriate group and home directory.) Document all changes. |