
All AIX users home directories must have mode 0750 or less permissive.


Overview

Finding ID: V-215331
Version: AIX7-00-003018
Rule ID: SV-215331r508663_rule
IA Controls: (none listed)
Severity: Medium
Description
Excessive permissions on home directories allow unauthorized access to user files.
STIG: IBM AIX 7.x Security Technical Implementation Guide
Date: 2022-06-06

Details

Check Text (C-16529r294444_chk)
Check the home directory mode of each interactive user in "/etc/passwd":

# cut -d : -f 6 /etc/passwd | xargs -n1 ls -ld | more
drwxr-xr-x 20 root system 4096 Jan 28 13:46 /
drwxr-xr-x 33 root system 8192 Jan 28 13:51 /etc
lrwxrwxrwx 1 bin bin 8 Jan 24 07:23 /bin -> /usr/bin
drwxrwxr-x 4 bin bin 256 Mar 23 2017 /usr/sys
drwxrwxr-x 15 root adm 4096 Jan 24 12:26 /var/adm
drwxr-xr-x 2 root sys 4096 Jan 24 08:43 /usr/lib/uucp
drwxr-xr-x 6 root system 4096 Jan 24 07:34 /var/adm/invscout
drwxr-xr-x 3 ipsec ipsec 256 Jan 24 08:43 /etc/ipsec
drwxr-xr-x 2 sshd system 256 Aug 11 2017 /home/srvproxy
drwxr-xr-x 8 esaadmin system 256 Jan 24 09:02 /var/esa
drwxr-x--- 2 doejohn staff 256 Jan 25 13:18 /home/doejohn

If an interactive user's home directory's mode is more permissive than "0750", this is a finding.

NOTE: Application directories are allowed and may need "0755" permissions (or greater) for correct operation.
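
The check above leaves the comparison against "0750" to the reviewer's eye. The script below is an added example, not part of the STIG text: it filters the same "ls -ld" output for group write or any access for "other". The function names and the "smithj" sample line are assumptions of the example, and deciding whether a flagged account is interactive or an application account remains a manual step per the NOTE.

```sh
#!/bin/sh
# Added example (not STIG text): filter "ls -ld" output for modes beyond 0750.

# exceeds_0750 PERMS: succeed if the ls permission string (e.g. drwxr-xr-x)
# grants group write or any access to "other". Only the nine rwx bits are
# judged; setuid/setgid/sticky are not evaluated (assumption of this example).
exceeds_0750() {
    case "$1" in
        # type, owner rwx, group r | group w clear | group x | other clear
        ?????-?--[-T]*) return 1 ;;
        *)              return 0 ;;
    esac
}

# flag_listing: read "ls -ld" lines on stdin, print the ones beyond 0750.
flag_listing() {
    while read -r perms rest; do
        [ -n "$perms" ] || continue
        if exceeds_0750 "$perms"; then
            printf '%s %s\n' "$perms" "$rest"
        fi
    done
}

# audit_homes PASSWD_FILE: the check-text pipeline with the filter applied.
# -L evaluates the target of a symlinked home instead of the link itself.
audit_homes() {
    cut -d : -f 6 "$1" | sort -u | xargs -n1 ls -ldL 2>/dev/null | flag_listing
}

# Sample input: three lines from the check text above plus one constructed
# entry (smithj) showing a mode stricter than 0750.
sample_listing() {
    cat <<'EOF'
drwxrwxr-x 15 root adm 4096 Jan 24 12:26 /var/adm
drwxr-xr-x 2 sshd system 256 Aug 11 2017 /home/srvproxy
drwxr-x--- 2 doejohn staff 256 Jan 25 13:18 /home/doejohn
drwx------ 2 smithj staff 256 Jan 25 13:20 /home/smithj
EOF
}

sample_listing | flag_listing    # demo on the sample lines
# On a host: audit_homes /etc/passwd
```
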
Fix Text (F-16527r294445_fix)
Change the mode of interactive users' home directories to "0750" or less permissive using the following command:
# chmod 0750 <home directory>