CHKACCT

Section: Misc. Reference Manual Pages (1L)
Updated: LOCAL
 

NAME

chkacct - Check and fix simple security problems in your account  

SYNOPSIS

chkacct [ -ehinqrv ] [ -f starting directory ] [ -m home directory ] [ -s username ]
 

DESCRIPTION

chkacct (short for check account) is a program which checks your account for unsafe file permissions. chkacct descends through your account examining the permissions on each file. If the permissions on the file are unsafe then the user is presented with a proposed fix in the form of a command and an accompanying explanation as to the effect of that command. The user is then given the choice of ignoring the potential problem, fixing it, or viewing a more in-depth informational file about similar security problems.

chkacct examines your account in three phases. The first phase checks the permissions of all ``dot'' files (files such as .login, .rhosts, .cshrc, .profile, etc.). Working under the assumption that all ``dot'' files contain sensitive information, chkacct warns the user about ``dot'' files that are readable or writable when they should not be. chkacct also flags any ``dot'' files residing in the user's home directory but owned by someone other than the user running chkacct.

The second phase examines all files owned by the user running chkacct (including directories) for writability, setuid (set user id), or setgid (set group id) permissions.

The third phase of chkacct is a perl(1u) script which attempts to parse apart the user's .rhosts file, if it exists. If it exists and is found to be unsafe, chkacct offers to move it to another name so it will not allow any password-less logins.

Lastly, chkacct offers to display an article about account security. The article is written for novice users.  
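
The three phases described above, as an added report-only sketch in POSIX sh (this is not chkacct's own code). It assumes that "unsafe" means group/other read or write access on dot files, group/other write or setuid/setgid bits elsewhere, and a bare + wildcard in .rhosts; the function name audit_account and the output tags are hypothetical.

```shell
# Added example: report-only sketch of the three phases (not chkacct's code).
# Assumptions: "unsafe" = group/other read or write on dot files, group/other
# write or setuid/setgid elsewhere, and a bare "+" field in .rhosts.
audit_account() {
    home=$1                 # home directory (what -m selects)
    start=${2:-$home}       # where the general search begins (what -f selects)
    uid=$(id -u)

    # Phase 1: dot files directly in the home directory.
    for f in "$home"/.[!.]*; do
        [ -e "$f" ] || continue
        # Readable or writable by group or other.
        find "$f" -prune ! -type l \
            \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) \
            -exec echo "DOTFILE-PERM" {} \;
        # Owned by someone other than the user running the check.
        find "$f" -prune ! -user "$uid" -exec echo "DOTFILE-OWNER" {} \;
    done

    # Phase 2: files and directories owned by the user, below the start point.
    find "$start" -user "$uid" ! -type l \( -perm -020 -o -perm -002 \) \
        -exec echo "WRITABLE" {} \;
    find "$start" -user "$uid" ! -type l \( -perm -4000 -o -perm -2000 \) \
        -exec echo "SETID" {} \;

    # Phase 3: .rhosts entries whose host or user field is the "+" wildcard.
    if [ -f "$home/.rhosts" ]; then
        awk '$1 !~ /^#/ && ($1 == "+" || $2 == "+") {
                 print "RHOSTS " FILENAME ":" NR ": " $0 }' "$home/.rhosts"
    fi
    return 0
}
```

Like chkacct -en, the sketch only lists findings and changes nothing; call it as audit_account "$HOME" or pass a second argument to widen the search.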

OPTIONS

Options are parsed in the order the user specifies them on the command line. If you specify options with conflicting effects, the last option will take precedence.

-e
Expert (non-interactive) mode -- do not ask the user any questions.
-f startdir
Begin the general file search in the directory startdir.
-h
Print a help message explaining each option.
-i
Interactive mode -- ask the user about an action for every questionable file. This is the default.
-m homedir
Use homedir as the home directory rather than the default, ${HOME}.
-n
Do not actually perform any changes to file names or permissions.
-q
Perform actions as silently as possible. chkacct will only print anything if the user needs to be queried about a security problem. This is not the default.
-r
Do not check the file ${HOME}/.rhosts.
-s username
Run chkacct as if you were user username instead of your current userid. This option will also set ${HOME} to be the home directory of username.
-v
Perform actions verbosely, giving as much guidance to the user as possible. This is the default action.
 

EXAMPLES

chkacct -f /

If you call chkacct with these options, a thorough search of the file system for files owned by you will be performed.

chkacct -q -f /

If you call chkacct with these options, chkacct will look everywhere for files owned by you. It will not print anything if it does not find any security problems.

chkacct -en

If you call chkacct with these options, chkacct will not prompt you for any input, but will display (without fixing) every problem it encounters. This might be useful for mailing to yourself.
 

BUGS

chkacct is written in Bourne shell (without functions) because it is intended to be run in a heterogeneous computing environment under many different flavors of Unix. As a result, chkacct is limited to the tools, and the options of those tools, that are available as standard.

FILES

/usr/local/bin/chkacct
/usr/local/lib/chkacct/* for informational files displayed by chkacct  

AUTHORS

The writing of chkacct was made much easier by Kevin S. Braunsdorf's (ksb@cc.purdue.edu) Bourne Shell implementation of the getopts package. Phillip R. Moyer (prm@ecn.purdue.edu) of the Purdue Engineering Computer Network provided the security article which made up the text of many of the informational files.

Shabbir J. Safdar, Purdue University UNIX Group  

SEE ALSO

sh(1), perl(1u), find(1), test(1), ls(1), chmod(1), mv(1)


 
