The AIX /var/spool/cron/atjobs directory must be owned by root or bin.
An XCCDF Rule
Description
Unauthorized ownership of the /var/spool/cron/atjobs directory could permit unauthorized users the ability to alter atjobs and run automated jobs as privileged users. Failure to set proper permissions of the /var/spool/cron/atjobs directory provides unauthorized users with the potential to access sensitive information or change the system configuration which could weaken the system's security posture.
- ID
- SV-245566r991589_rule
- Version
- AIX7-00-002147
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Change the ownership of the "atjobs" directory to bin using command:
# chown bin /var/spool/cron/atjobs