author | Eugeni Dodonov <eugeni@mandriva.org> | 2009-12-18 11:04:35 +0000 |
---|---|---|
committer | Eugeni Dodonov <eugeni@mandriva.org> | 2009-12-18 11:04:35 +0000 |
commit | b9db3721f6791a15273274547a872272e885970b (patch) | |
tree | 6252e5a19811031e3c8de4559b5a33ac47cbd529 /cron-sh | |
parent | 3bc3fe4fd0a9c783e97dfcab9226b998d6c97fd4 (diff) | |
Do not report group writable files for gdm user (#56064)
Diffstat (limited to 'cron-sh')
-rwxr-xr-x | cron-sh/scripts/01_files.sh | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/cron-sh/scripts/01_files.sh b/cron-sh/scripts/01_files.sh index c1135c6..b7f2d76 100755 --- a/cron-sh/scripts/01_files.sh +++ b/cron-sh/scripts/01_files.sh @@ -229,6 +229,7 @@ fi Filter ${MSEC_TMP} CHECK_USER_FILES ### Check home directories. Directories should not be owned by someone else or writable. +# The 'mail' and 'gdm' user directories are skipped as they are group-writable by design (#56064) getent passwd | awk -F: '/^[^+-]/ { print $1 ":" $3 ":" $6 }' | \ while IFS=: read username uid homedir; do if ! expr "$homedir" : "$FILTER" > /dev/null; then @@ -241,7 +242,7 @@ while IFS=: read username uid homedir; do fi done | awk -F: '$3 != $5 && $5 != "(0)" \ { print "user=" $2 $3 " : home directory is owned by " $4 $5 "." } - $1 ~ /^d....w/ && $2 != "lp" && $2 != "mail" \ + $1 ~ /^d....w/ && $2 != "lp" && $2 != "mail" && $2 != "gdm" \ { print "user=" $2 $3" : home directory is group writable." } $1 ~ /^d.......w/ \ { print "user=" $2 $3" : home directory is other writable." }' > ${MSEC_TMP} |
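Review bot: The comment added above the `getent passwd` pipeline does not match the filter it documents. It names only 'mail' and 'gdm', while the awk condition in the next hunk also exempts `lp`. It also says the directories are "skipped", although only the group-writable rule carries the name test; the ownership and other-writable rules still apply to these accounts. I would reword it as `# lp, mail and gdm are exempt from the group-writable report only; ownership and other-writable checks still apply (#56064)`. The `while` loop body continues outside this hunk.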
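Review bot: The new `$2 != "gdm"` term exempts the account by name alone, so a gdm home directory that is writable by any group is no longer reported, not only one writable by gdm's own group. The fields this awk program uses are the mode string, the user name and the owner, so the group cannot be checked at this point. If the loop body (outside this hunk) can also emit the directory's group, the exemption could be narrowed to the expected group. Independently, the list of exempt names would be easier to audit and extend as one value passed in, e.g. `awk -F: -v exempt=" lp mail gdm "` with the rule condition `$1 ~ /^d....w/ && index(exempt, " " $2 " ") == 0`.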