V-215434

CAT II (Medium)

The AIX root user home directory must not be the root directory (/).

Rule ID

SV-215434r991592_rule

STIG

IBM AIX 7.x Security Technical Implementation Guide

Version

V3R2

CCIs

CCI-000366

Discussion

Changing the root home directory to something other than / and assigning it a 0700 protection makes it more difficult for intruders to manipulate the system by reading the files that root places in its default directory. It also gives root the same discretionary access control for root's home directory as for the other plain user home directories.

Check Content

Determine whether root is assigned a home directory other than "/" by listing its home directory with the following command:

# grep "^root" /etc/passwd | awk -F":" '{print $6}' 
/root

If the root user's home directory is "/", this is a finding.

Fix Text

The root home directory should be something other than "/" (such as /root). 

Run commands: 
# mkdir /root 
# chown root /root 
# chgrp system /root 
# chmod 700 /root 

Then, edit the passwd file and change the root home directory to "/root".
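
The check above, extended into a script as an added example (not part of the STIG text): it matches the root account name exactly, treats a home directory that resolves to / through a symlink as a finding, and reports the directory mode set by the fix text. The function names, exit codes and sample passwd lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not STIG text. Function names and exit codes are assumptions.

# Print root's home field. Matching the name field exactly keeps accounts
# such as "rootadm" out of the result, which a bare "^root" pattern allows.
root_home() {
    awk -F: '$1 == "root" { print $6; exit }' "$1"
}

# check_root_home PASSWD_FILE
# Returns 0 = not a finding, 1 = finding, 2 = could not evaluate.
check_root_home() {
    home=$(root_home "$1") || return 2
    if [ -z "$home" ]; then
        echo "ERROR: no root entry with a home directory in $1"
        return 2
    fi
    # Resolve symlinks and spellings such as "/." that still mean "/".
    real=$home
    if [ -d "$home" ]; then
        real=$(cd "$home" && pwd -P) || return 2
    fi
    if [ "$real" = "/" ]; then
        echo "FINDING: root home '$home' is the root directory"
        return 1
    fi
    # Not part of the check text: report whether the 0700 mode from the
    # fix text is in place, without turning it into a finding.
    mode=$(ls -ld "$real" 2>/dev/null | cut -c1-10)
    if [ "$mode" != "drwx------" ]; then
        echo "NOTE: '$real' mode is '${mode:-missing}', fix text sets 700"
    fi
    echo "OK: root home is '$home'"
    return 0
}

# Constructed sample in the AIX passwd layout, root home left at "/".
demo=$(mktemp)
printf '%s\n' 'rootadm:!:210:1::/home/rootadm:/usr/bin/ksh' \
              'root:!:0:0::/:/usr/bin/ksh' > "$demo"
check_root_home "$demo" || echo "exit status: $?"
rm -f "$demo"
```

On a live system, call check_root_home /etc/passwd and treat exit status 1 as the finding.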