UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The regular users default primary group must be staff (or equivalent) on AIX.


Overview

Finding ID Version Rule ID IA Controls Severity
V-215182 AIX7-00-001016 SV-215182r508663_rule Medium
Description
The /usr/lib/security/mkuser.default file contains the default primary groups for regular and admin users. Setting a system group as the regular users' primary group increases the risk that the regular users can access privileged resources.
STIG Date
IBM AIX 7.x Security Technical Implementation Guide 2021-11-19

Details

Check Text ( C-16380r293997_chk )
Check the default primary group for regular users:
# lssec -f /etc/security/mkuser.default -s user -a pgrp

The above command should yield the following output:
user pgrp=staff

If the above command shows that the primary group (pgrp) is not "staff", this is a finding.
Fix Text (F-16378r293998_fix)
Set the default primary groups for regular to be "staff".
# chsec -f /etc/security/mkuser.default -s user -a pgrp=staff