User home directories must not have extended ACLs.

User home directories must not have extended ACLs.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-22350	GEN001490	SV-38730r1_rule	ECLP-1	Low

Description
Excessive permissions on home directories allow unauthorized access to user files.

STIG	Date
AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE	2018-09-18

Details

Check Text ( C-37152r1_chk )
Verify user home directories have no extended ACLs. Procedure: # cat /etc/passwd \| cut -f 6,6 -d ":" \| xargs -n1 aclget Check if extended permissions are disabled. If extended permissions are not disabled, this is a finding.

Fix Text (F-32412r1_fix)
Remove the extended ACL from the user home directory and disable extended permissions. #acledit /