> Date: Wed, 8 Sep 2021 11:24:18 +0200 > From: jim hook <jimhook7...@mail.com>
> Thinking of that home dirs could be on a shared storage, that can be > accessed by others and maliciously modify the ".profile", etc. files > of the targeted user. > > ex.: "unset cd" would help, but any solution in general? > Date: Wed, 8 Sep 2021 19:41:46 +0959 > From: Reuben ua Bríġ <u5644...@anu.edu.au> > directory permissions. in code: > > for u in /home/* > do chown "$u" "/home/$u" > chmod go-w "/home/$u" > > which you should find is already the default. > Date: Wed, 8 Sep 2021 19:50:26 +1000 > From: Reuben ua Bríġ <u5644...@anu.edu.au> > oops, wrong code. i meant > > cd /home > for u in * > do set -- "$u" "$u/.profile" > chown "$u" "$@" > chmod go-w "$@" > done > > assuming you have the usual directory set-up. > a more general solution would involve parsing /etc/passwd except that in general you should never do anything as root to files under a directory owned by a user other than root, as that user could replace the file with a symbolic link to some other file, and trick you into modifying some important system file. secure ways of doing basic stuff in obsd are... convoluted.
