02-25-2009
The user owns their home directory, hence they can change the modes as per their needs.
One way to remedy this is to run a periodic QA kind of script that reports on the users' home directories that are "world-readable/writable". We do this in our environment about once a quarter and send this out to the respective team managers. The onus then shifts to the managers of the application teams to ensure that their team members follow our recommended guidelines. This also helps us from an audit perspective; fewer last-minute remediations.
Last edited by frozentin; 02-25-2009 at 01:58 PM..
Reason: typos
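A periodic report like the one described in the post above could be produced along these lines. This is an added example, not the poster's script; the function names `audit_homes` and `demo`, the UID cutoff of 1000, and the sample accounts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report home directories that grant access to "other".
# audit_homes PASSWD_FILE [MIN_UID]
#   PASSWD_FILE  passwd(4)-format file (default /etc/passwd)
#   MIN_UID      lowest UID treated as a human account (assumed default 1000)
# Prints "<user> <home> <flags>" per finding; flags is a subset of
# r (world-readable), w (world-writable), x (world-searchable).
audit_homes() {
    passwd_file=${1:-/etc/passwd}
    min_uid=${2:-1000}
    while IFS=: read -r user pw uid gid gecos home shell; do
        case $uid in ''|*[!0-9]*) continue ;; esac   # skip malformed lines
        [ "$uid" -ge "$min_uid" ] || continue        # skip system accounts
        [ -d "$home" ] || continue                   # missing home: nothing to check
        flags=
        # find -H follows a symlinked home; -prune stops it from descending.
        for bit in 4:r 2:w 1:x; do
            if [ -n "$(find -H "$home" -prune -perm "-000${bit%%:*}" -print)" ]; then
                flags=$flags${bit##*:}
            fi
        done
        [ -n "$flags" ] && printf '%s %s %s\n' "$user" "$home" "$flags"
    done < "$passwd_file"
    return 0
}

# Constructed demo: fake homes under a temp dir plus a matching passwd file.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/alice" "$d/bob" "$d/carol"
    chmod 700 "$d/alice"; chmod 755 "$d/bob"; chmod 777 "$d/carol"
    cat > "$d/passwd" <<EOF
root:x:0:0:root:/:/bin/sh
alice:x:1001:100:Alice:$d/alice:/bin/sh
bob:x:1002:100:Bob:$d/bob:/bin/sh
carol:x:1003:100:Carol:$d/carol:/bin/sh
dave:x:1004:100:Dave:$d/missing:/bin/sh
EOF
    audit_homes "$d/passwd" | sed "s|$d||"   # strip the temp prefix for display
    rm -rf "$d"
}
demo
```

For a real run, call `audit_homes /etc/passwd` from a scheduled job and send the output to whoever owns remediation; accounts that live only in a directory service are not in the local passwd file and need their entries supplied separately.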
userdel(1M) userdel(1M)
NAME
userdel - delete a user login from the system
SYNOPSIS
alternate_password_file] login
DESCRIPTION
The command deletes a user login from the system by modifying the appropriate login related files.
The command requires the login argument. login is the name to be deleted, specified as a string of printable characters. It may not
contain a colon or a newline.
Refer to usergroupname(5) to understand the functionality changes with the Numeric User Group Name feature.
Options
recognizes the following options:
The home directory of
login is removed from the system. This directory must exist. Following the successful execution of this command, none of
the files and directories under the home directory will be available.
If a user is deleted and the home directory is shared by others, then this directory is not deleted even with the option.
Force the changes, even if the login is currently in use.
Specify that the changes are being made to the alternate
password file of NIS specified by the option. The and options should not be used with this option.
Specify the path of the alternate password file of NIS.
The option is used with the option.
In the event where a directory is shared by users of the same group and the owner of that directory is deleted, then the ownership of that
directory is propagated to the next user who is sharing that directory. The new owner is determined by looking at the order in which the
users sharing this directory are added to the file. If there is only one user remaining then the directory is brought back to unshared
mode by resetting the permissions to from
NIS
This command is aware of NIS user and group entries. Only local users and groups may be deleted or modified with this command. Attempts
to delete or modify NIS users or groups will result in an error. NIS users and groups must be administered from the NIS server. The
command may fail with the error
(return value 6) if the user specified is an NIS user (see passwd(4)). The error
(return value 10) is returned if a local user belongs to an NIS group (see group(4)).
NFS
Errors may occur with the option if the affected directory is within an NFS mounted file system that does not allow root privileges across
the NFS mount, and the directory or files within the directory do not have sufficient permissions.
RETURN VALUE
exits with one of the following values:
Successful completion.
Invalid command syntax.
Invalid argument supplied to an option.
The login to be removed does not exist.
The login to be removed is in use.
Cannot modify the
file, but the login was removed from the file.
Unable to remove or modify the home directory.
Unable to open
file or file is non-existent.
file or
file busy. Another command may be modifying the file.
Cannot delete entry from
file.
Out of memory.
Invalid template file.
EXAMPLES
Remove the user from the system:
Remove the user from the system and delete home directory from the system:
WARNINGS
Because many users may try to write the file simultaneously, a password locking mechanism was devised. If this locking fails after
subsequent retrying, terminates.
FILES
Shadow Password file
System Password file
System group file
Lock file used when updating password file
SEE ALSO
passwd(1), users(1), groupadd(1M), groupdel(1M), groupmod(1M), logins(1M), useradd(1M), usermod(1M), group(4), passwd(4), shadow(4),
usergroupname(5).
STANDARDS CONFORMANCE
userdel(1M)