The AIX user home directories must not have extended ACLs.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-215332 | SRG-OS-000480-GPOS-00230 | AIX7-00-003019 | SV-215332r991592_rule | 2026-02-06 | 3 |
Description
Excessive permissions on home directories allow unauthorized access to user files.
ℹ️ Check
Verify user home directories have no extended ACLs using command:
# cat /etc/passwd | cut -f 6,6 -d ":" | xargs -n1 aclget
*
* ACL_type AIXC
*
attributes:
base permissions
owner(root): rwx
group(system): r-x
others: r---
extended permissions
disabled
If extended permissions are not disabled, this is a finding.
✔️ Fix
Remove the extended ACL from the user home directory and disable extended permissions:
# acledit <directory>