Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-01-19 13:51:33 -05:00
Code Issues Packages Projects Releases Wiki Activity
c336b266f6
security-misc/usr/libexec/security-misc/permission-lockdown
Raja Grewal 1bb843ec38
Update Copyright (C) to 2024
2024-05-11 13:18:36 +10:00

62 lines
3.7 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
## See the file COPYING for copying conditions.
## Doing this for all users would create many issues.
# /usr/libexec/security-misc/permission-lockdown: user: root | chmod o-rwx "/root"
# /usr/libexec/security-misc/permission-lockdown: user: daemon | chmod o-rwx "/usr/sbin"
# /usr/libexec/security-misc/permission-lockdown: user: bin | chmod o-rwx "/bin"
# /usr/libexec/security-misc/permission-lockdown: user: sys | chmod o-rwx "/dev"
# /usr/libexec/security-misc/permission-lockdown: user: sync | chmod o-rwx "/bin"
# /usr/libexec/security-misc/permission-lockdown: user: games | chmod o-rwx "/usr/games"
# /usr/libexec/security-misc/permission-lockdown: user: man | chmod o-rwx "/var/cache/man"
# /usr/libexec/security-misc/permission-lockdown: user: mail | chmod o-rwx "/var/mail"
# /usr/libexec/security-misc/permission-lockdown: user: proxy | chmod o-rwx "/bin"
# /usr/libexec/security-misc/permission-lockdown: user: backup | chmod o-rwx "/var/backups"
# /usr/libexec/security-misc/permission-lockdown: user: systemd-timesync | chmod o-rwx "/run/systemd"
# /usr/libexec/security-misc/permission-lockdown: user: systemd-network | chmod o-rwx "/run/systemd/netif"
# /usr/libexec/security-misc/permission-lockdown: user: messagebus | chmod o-rwx "/var/run/dbus"
# /usr/libexec/security-misc/permission-lockdown: user: tinyproxy | chmod o-rwx "/run/tinyproxy"
# /usr/libexec/security-misc/permission-lockdown: user: rtkit | chmod o-rwx "/proc"
# /usr/libexec/security-misc/permission-lockdown: user: colord | chmod o-rwx "/var/lib/colord"
# /usr/libexec/security-misc/permission-lockdown: user: Debian-exim | chmod o-rwx "/var/spool/exim4"
# /usr/libexec/security-misc/permission-lockdown: user: debian-tor | chmod o-rwx "/var/lib/tor"
# /usr/libexec/security-misc/permission-lockdown: user: stunnel4 | chmod o-rwx "/var/run/stunnel4"
# /usr/libexec/security-misc/permission-lockdown: user: iodine | chmod o-rwx "/var/run/iodine"
# /usr/libexec/security-misc/permission-lockdown: user: apt-cacher-ng | chmod o-rwx "/var/cache/apt-cacher-ng"
# /usr/libexec/security-misc/permission-lockdown: user: statd | chmod o-rwx "/var/lib/nfs"
# /usr/libexec/security-misc/permission-lockdown: user: timidity | chmod o-rwx "/etc/timidity"
# /usr/libexec/security-misc/permission-lockdown: user: uuidd | chmod o-rwx "/run/uuidd"
# /usr/libexec/security-misc/permission-lockdown: user: _rpc | chmod o-rwx "/run/rpcbind"
# /usr/libexec/security-misc/permission-lockdown: user: geoclue | chmod o-rwx "/var/lib/geoclue"
home_folder_access_rights_lockdown() {
mkdir --parents /var/cache/security-misc/state-files
local user
for user in $(dir /home); do ## lists directories only
if [ -f "/var/cache/security-misc/state-files/$user" ]; then
continue
fi
folder_name="/home/$user"
## chmod:
## The 'g' for 'group' is not needed.
## Debian by default uses USERGROUPS=yes in /etc/adduser.conf.
## The group which the user is being added to has the same name as the user.
## If the username is user then the name of the group is also user.
## Some background information here:
## https://unix.stackexchange.com/questions/156473/reasons-behind-the-default-groups-and-users-on-linux
## In short, this is useful for "file sharing". A if user1 wants to share data with user2 the command
## required to run is sudo addgroup user1 user2.
## See also: user private groups UPGs
## https://wiki.debian.org/UserPrivateGroups
echo "$0: chmod o-rwx \"$folder_name\""
chmod o-rwx "$folder_name"
touch "/var/cache/security-misc/state-files/$user"
done
}
home_folder_access_rights_lockdown
exit 0
Reference in New Issue View Git Blame Copy Permalink