chkacct (short for check account) is a program which checks your account for unsafe file permissions. chkacct descends through your account examining the permissions on each file. If the permissions on the file are unsafe then the user is presented with a proposed fix in the form of a command and an accompanying explanation as to the effect of that command. The user is then given the choice of ignoring the potential problem, fixing it, or viewing a more in-depth informational file about similar security problems.
chkacct examines your account in three phases. The first phase checks the permissions of all "dot" files (files such as .login, .rhosts, .cshrc, .profile, etc.). Working under the assumption that all "dot" files contain sensitive information, chkacct warns the user about "dot" files which should not be either readable or writable. chkacct also flags any "dot" files residing in the user's home directory, but owned by someone other than the user running chkacct.
The second phase examines all files owned by the user running chkacct (including directories) for writability, setuid (set user id), or setgid (set group id) permissions.
The third phase of chkacct is a perl(1u) script which attempts to parse apart the user's .rhosts file, if it exists. If it exists and is found to be unsafe, chkacct offers to move it to another name so it will not allow any password-less logins.
Lastly, chkacct offers to display an article about account security. The article is written for novice users.
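The first two phases can be approximated with portable find(1) expressions. The following is an added, report-only example, not chkacct's own code; the function names and the treatment of "group or other" access as the unsafe case are assumptions.

```shell
#!/bin/sh
# Added example: report-only checks modelled on the first two phases above.
# Function names and the choice of "group/other" as the unsafe audience are
# assumptions of this sketch, not chkacct's actual code.

# Phase one (a): dot files directly inside directory $1 that group or other
# can read or write. "dir/. ! -name . -prune" keeps find at the top level
# without the non-POSIX -maxdepth option.
unsafe_dotfiles() {
    find "$1"/. ! -name . -prune -type f -name '.*' \
        \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) -print
}

# Phase one (b): dot files inside $1 that are not owned by user $2.
foreign_dotfiles() {
    find "$1"/. ! -name . -prune -name '.*' ! -user "$2" -print
}

# Phase two: anything under $1 owned by $2 that is group/other-writable,
# setuid or setgid. Symlinks are skipped because their mode bits are not
# meaningful.
risky_owned_files() {
    find "$1" ! -type l -user "$2" \
        \( -perm -020 -o -perm -002 -o -perm -4000 -o -perm -2000 \) -print
}

# Turn a list of paths on stdin into proposed fixes, printed but never run,
# mirroring the "proposed fix in the form of a command" behaviour.
propose_fix() {
    while IFS= read -r path; do
        printf 'chmod go-rw "%s"\n' "$path"
    done
}

# Typical use: unsafe_dotfiles "$HOME" | propose_fix
```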
Options are parsed in the order the user specifies them on the command line. If you specify options with conflicting effects, the last option will take precedence.
chkacct -f /
chkacct -q -f /
chkacct -en
chkacct is written in Bourne shell (without functions) because it is intended to be run in a heterogeneous computing environment under many different flavors of Unix. As a result, chkacct is limited to the tools, and the options of those tools, that are available as standard on those systems.
/usr/local/bin/chkacct
/usr/local/lib/chkacct/* for informational files displayed by chkacct
The writing of chkacct was made much easier by Kevin S. Braunsdorf's (ksb@cc.purdue.edu) Bourne Shell implementation of the getopts package. Phillip R. Moyer (prm@ecn.purdue.edu) of the Purdue Engineering Computer Network provided the security article which made up the text of many of the informational files.
Shabbir J. Safdar, Purdue University UNIX Group
sh(1), perl(1u), find(1), test(1), ls(1), chmod(1), mv(1)