← Back to IBM AIX 7.x Security Technical Implementation Guide

V-215341

CAT II (Medium)

The sticky bit must be set on all public directories on AIX systems.

Rule ID

SV-215341r991589_rule

STIG

IBM AIX 7.x Security Technical Implementation Guide

Version

V3R2

CCIs

CCI-000366

Discussion

Failing to set the sticky bit on public directories allows unauthorized users to delete files in the directory structure. The only authorized public directories are those temporary directories supplied with the system, or those designed to be temporary file repositories. The setting is normally reserved for directories used by the system, and by users for temporary file storage - such as /tmp - and for directories requiring global read/write access.

Check Content

Verify all world-writable directories have the sticky bit set by running the command: 

# find / -type d -perm -002 ! -perm -1000 > wwlist 
# cat wwlist

If any directories are listed in the "wwlist" file, this is a finding.

Fix Text

Set the sticky bit on all public directories, such as: 
# chmod 1777 /tmp 

(Replace /tmp with the public directory missing the sticky bit, if necessary.)