Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The regular users default primary group must be staff (or equivalent) on AIX.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-215182 | AIX7-00-001016 | SV-215182r508663_rule | Medium |
| Description |
|---|
| The /usr/lib/security/mkuser.default file contains the default primary groups for regular and admin users. Setting a system group as the regular users' primary group increases the risk that the regular users can access privileged resources. |
| STIG | Date |
|---|---|
| IBM AIX 7.x Security Technical Implementation Guide | 2021-11-19 |
Details
| Check Text ( C-16380r293997_chk ) |
|---|
| Check the default primary group for regular users: # lssec -f /etc/security/mkuser.default -s user -a pgrp The above command should yield the following output: user pgrp=staff If the above command shows that the primary group (pgrp) is not "staff", this is a finding. |
| Fix Text (F-16378r293998_fix) |
|---|
| Set the default primary groups for regular to be "staff". # chsec -f /etc/security/mkuser.default -s user -a pgrp=staff |