There seems to be a bug in the security checking program. Here's an example of a piece a mail I receive from a mailserver I admin every day: ---------- Forwarded Message ---------- Subject: *** Security Check, Wed Jul 5 00:00:28 CDT 2000 *** Date: Wed, 5 Jul 2000 00:00:28 -0500 (CDT) From: [EMAIL PROTECTED] (root) Security Warning: these home directory should not be owned by someone else or writeable : user=accounting : home directory is owned by accounti. user=compliance : home directory is owned by complian. ------------------------------------------------------- I suspect it's comparing the text from "ls" to verify who owns what files, but that cuts off longer usernames. It could just compare the first 8 characters, but that's insecure. It should use "ls -n" which will give the numeric UID/GID instead, which is the only way to do this securely.
