UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

All AIX users home directories must have mode 0750 or less permissive.


Overview

Finding ID Version Rule ID IA Controls Severity
V-215331 AIX7-00-003018 SV-215331r508663_rule Medium
Description
Excessive permissions on home directories allow unauthorized access to user files.
STIG Date
IBM AIX 7.x Security Technical Implementation Guide 2023-02-13

Details

Check Text ( C-16529r294444_chk )
Check the home directory mode of each interactive user in "/etc/passwd":

#cut -d : -f 6 /etc/passwd | xargs -n1 ls -ld | more
drwxr-xr-x 20 root system 4096 Jan 28 13:46 /
drwxr-xr-x 33 root system 8192 Jan 28 13:51 /etc
lrwxrwxrwx 1 bin bin 8 Jan 24 07:23 /bin -> /usr/bin
drwxrwxr-x 4 bin bin 256 Mar 23 2017 /usr/sys
drwxrwxr-x 15 root adm 4096 Jan 24 12:26 /var/adm
drwxr-xr-x 2 root sys 4096 Jan 24 08:43 /usr/lib/uucp
drwxr-xr-x 6 root system 4096 Jan 24 07:34 /var/adm/invscout
drwxr-xr-x 3 ipsec ipsec 256 Jan 24 08:43 /etc/ipsec
drwxr-xr-x 2 sshd system 256 Aug 11 2017 /home/srvproxy
drwxr-xr-x 8 esaadmin system 256 Jan 24 09:02 /var/esa
drwxr-x--- 2 doejohn staff 256 Jan 25 13:18 /home/doejohn

If an interactive user's home directory's mode is more permissive than "0750", this is a finding.

NOTE: Application directories are allowed and may need "0755" permissions (or greater) for correct operation.
Fix Text (F-16527r294445_fix)
Change the mode of interactive users' home directories to "0750" or less permissive using the following command:
# chmod 0750