I want to write a script that makes sure users' home directories don't contain world writable directories, directories owned by other users, or
other potential security problems. I'd like to echo any directory where
one user's home directory can be modified some by another user.

Can someone help me with these additions? I think this would be very important as well.

Here is one such utility I wrote:

#!/bin/bash
if ( [ "$1" = "" ] ); then
  echo ""
  echo "-find:     put all exceptions to files"
  echo "-del:      delete all exception files"
  echo "-fixsuids: fix the most common suids"
fi

if ( [ "$1" = "-find" ] ); then
  #To generate "path" :
  find / -maxdepth 1 -type d | grep -v '^/$' | grep -v '^/proc$' > path

  #suid
  find `cat path` -type f \( -perm -04000 -o -perm -02000 \) -exec ls -la {} \; > out.suids

  #write permissions
  find `cat path` -type f \( -perm -2 -o -perm -20 \) -exec ls -la {} \; > out.f.write
  find `cat path` -type d \( -perm -2 -o -perm -20 \) -exec ls -lad {} \; > out.d.write

  #
  find `cat path` -type f \( -nogroup -o -nouser \) -exec ls -la {} \; > out.f.nouser
  find `cat path` -type d \( -nogroup -o -nouser \) -exec ls -lad {} \; > out.g.nouser
fi

if ( [ "$1" = "-del" ] ); then
  rm out.*
fi

if ( [ "$1" = "-fixsuids" ] ); then
   fsuids="wall ping ping6 mount umount su sudo traceroute6 traceroute \
           write newgrp cardctl cardinfo chsh chfn"

  for i in $fsuids
  do
    bin=`which $i`
    bin=`readlink -f $bin`
    if test -f $bin; then
      echo "Fixing $bin..."
      chown root:wheel $bin
      chmod o-rx `which $i`

    fi
  done

fi

unset i bin

You may want to run the suid part manually though -- I think when you chown a suid it removes the suid bit altogether for security reasons. Be sure you test that before running it on a production system.

Do you mind commenting your statements so I may see what each line is doing? I'm having some trouble translating this. Thank you so much for your help

Also can you explain exactly what this does when I run it? I ran it and typed ./checkeperm -find and it scrolls things such as:

for quite some time.

find: /var/www/htdocs/finaid/_notes: Permission denied
find: /var/www/htdocs/finaid/javascript: Permission denied
find: /var/www/htdocs/finaid/loans: Permission denied
find: /var/www/htdocs/finaid/needaid/css: Permission denied
find: /var/www/htdocs/finaid/needaid/_baks: Permission denied
find: /var/www/htdocs/finaid/needaid/_notes: Permission denied
find: /var/www/htdocs/finaid/2009-2010: Permission denied
find: /var/www/htdocs/finaid/2008-2009: Permission denied

Did you run it as root?

The script for this is really excessive and not needed

#!/bin/bash
if ( [ "$1" = "" ] ); then
  echo ""
  echo "-find:     put all exceptions to files"
  echo "-del:      delete all exception files"
  echo "-fixsuids: fix the most common suids"
fi

if ( [ "$1" = "-find" ] ); then
  #To generate "path" :
  #this excludes directories from the search such as /proc
  #you can add your manual exclusions here. These are dirs off
  #the root /
  find / -maxdepth 1 -type d | grep -v '^/$' | grep -v '^/proc$' > path

  #suid
  #finds all suid files in the search directories listed in ./path
  find `cat path` -type f \( -perm -04000 -o -perm -02000 \) -exec ls -la {} \; > out.suids

  #write permissions
  #finds o+x files
  find `cat path` -type f \( -perm -2 -o -perm -20 \) -exec ls -la {} \; > out.f.write
  #finds o+x directories
  find `cat path` -type d \( -perm -2 -o -perm -20 \) -exec ls -lad {} \; > out.d.write

  #finds all files that do not have a user associate with them. This happens if you
  #add a user, they create a file, then you delete them.
  find `cat path` -type f \( -nogroup -o -nouser \) -exec ls -la {} \; > out.f.nouser
  #same as above but directories
  find `cat path` -type d \( -nogroup -o -nouser \) -exec ls -lad {} \; > out.g.nouser
fi

if ( [ "$1" = "-del" ] ); then
  #cleans up the temp files
  rm out.*
fi

if ( [ "$1" = "-fixsuids" ] ); then
  #dont use this, it doesnt work right
   fsuids="wall ping ping6 mount umount su sudo traceroute6 traceroute \
           write newgrp cardctl cardinfo chsh chfn"

  for i in $fsuids
  do
    bin=`which $i`
    bin=`readlink -f $bin`
    if test -f $bin; then
      echo "Fixing $bin..."
      chown root:wheel $bin
      chmod o-rx `which $i`

    fi
  done

fi

unset i bin

After you run the script as root check the out.* files it creates in the working directory. It will give you a list of files/dirs that meet the criteria

So basically this is going to create a list of files and directories that meet the criteria O+X and or SUID and echo these results and must be run as root to work properly. Is this correct?

and -del is used to delete -find results incase I want to run it again correct?

So whereever I execute this file the out.* is going to be placed there?

Yes. You can change the behavior to use stdout but it will likely scroll the data off of your screen.

This article has been dead for over six months. Start a new discussion instead.