homeaudit

by Morgan Aldridge morgant@makkintosshu.com

OVERVIEW

A simple command line utility which audits (and optionally adjust) a user's home directory permissions. It is currently developed and tested on OpenBSD, but should work with other POSIX operating systems.

It is similar to the home directory support in OpenBSD's security(8) utility, but optionally adjusts and further restricts access beyond the defaults.

NOTE: It does not support extended attributes!

FEATURES

NOTE: This is a work in progress and not all of the planned features have been implemented yet.

• Validates:
  • User's home directory path
  • Home directory user
  • Home directory group
  • Home directory permissions, including:
    • Default home directory dot file permissions
    • Specific files which should never be owned or writeable by someone else
    • Specific files which should never be owned or readable by someone else
• Lists any file or directory which is out-of-spec for validations
• Optionally, will adjust user/group ownership and permissions for files and directories within the home directory to the defaults
• Optionally, can adjust all file and directory permissions within the home directory to prevent access from someone else

Reference

• OpenBSD
  • Manuals:
    • hier(7)
    • security(8)
    • mtree(8)
    • find(1)
    • stat(1)
    • chown(8)
    • chmod(1)

LICENSE

TBD