Merge remote-tracking branch 'github-kicksecure/master'

usr/libexec/security-misc/permission-lockdown

@@ -32,35 +32,17 @@
 # /usr/libexec/security-misc/permission-lockdown: user: geoclue | chmod o-rwx "/var/lib/geoclue"
 
 home_folder_access_rights_lockdown() {
-   shopt -s nullglob
-
-   ## Not using dotglob.
-   ## touch /var/cache/security-misc/state-files//home/.Trash
-   ## touch: cannot touch '/var/cache/security-misc/state-files//home/.Trash': No such file or directory
-
-   local folder_name base_name
-
-   for folder_name in /home/* ; do
-      base_name="$(basename "$folder_name")"
-      if [ -f "/var/cache/security-misc/state-files/$base_name" ]; then
+   # Each users home directory to himself
+   for user in $(dir /home); do # lists directories only
+      if [ -f /var/cache/security-misc/state-files/$user ]; then
          continue
       fi
-      if [ ! -d "$folder_name" ]; then
-         continue
+      if [ $(id --user $user) ]; then # check if user actually exists, and this is not some random directory
+         dpkg-statoverride --add --update $user $user 0700 /home/$user # home directory of the user
+         echo "Permission updated: chmod go-rwx /home/$user"
+         touch /var/cache/security-misc/state-files/$user # so that we know we did this one
       fi
-      if [ "$folder_name" = "/home/" ]; then
-         continue
-      fi
-      mkdir -p /var/cache/security-misc/state-files
-      echo "$0: chmod o-rwx \"$folder_name\""
-      chmod o-rwx "$folder_name"
-      ## Create a state-file so we do this only once.
-      ## Therefore a user who will manually undo this, will not get
-      ## annoyed by this being done over and over again.
-      touch "/var/cache/security-misc/state-files/$base_name"
    done
-
-   shopt -u nullglob
 }
 
 home_folder_access_rights_lockdown