Title

The AIX user home directories must not have extended ACLs. (Cat II impact)

Discussion

Excessive permissions on home directories allow unauthorized access to user files.

Check Content

Verify user home directories have no extended ACLs using command: # cat /etc/passwd | cut -f 6,6 -d ":" | xargs -n1 aclget * * ACL_type AIXC * attributes: base permissions owner(root): rwx group(system): r-x others: r--- extended permissions disabled If extended permissions are not disabled, this is a finding.

Fix Text

Remove the extended ACL from the user home directory and disable extended permissions: # acledit <directory>

Additional Identifiers

Rule ID: SV-215332r508663_rule

Vulnerability ID: V-215332

Group Title: SRG-OS-000480-GPOS-00230

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.