STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 1 hour ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to IBM AIX 7.x Security Technical Implementation Guide

V-215182

CAT II (Medium)

The regular users default primary group must be staff (or equivalent) on AIX.

Rule ID

SV-215182r958362_rule

STIG

IBM AIX 7.x Security Technical Implementation Guide

Version

V3R2

CCIs

CCI-000015

Discussion

The /usr/lib/security/mkuser.default file contains the default primary groups for regular and admin users. Setting a system group as the regular users' primary group increases the risk that the regular users can access privileged resources.

Check Content

Check the default primary group for regular users:
# lssec -f /etc/security/mkuser.default -s user -a pgrp

The above command should yield the following output:
user pgrp=staff

If the above command shows that the primary group (pgrp) is not "staff", this is a finding.

Fix Text

Set the default primary groups for regular to be "staff".
# chsec -f /etc/security/mkuser.default -s user -a pgrp=staff