Posted on 08-13-2015 08:24 AM
Hello
Just letting this one out there and asking how are people checking the logged on users folder permissions?
I could create an EA of this command
find ~ $TMPDIR.. ( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 -o -acl ) 2> /dev/null | wc -l
and make a modification to get the logged on user but i have seen this command takes a while to run and would not want to slow down the inventory
So how else are people checking this ? or are they?
Posted on 08-13-2015 08:30 AM
Why do you think you need to check this? Just curious. Have you seen a number of issues with user's home directory permissions? Normally, if you've built things correctly, the OS takes care of making sure home directory permissions are set correctly when they're initially created.
FWIW, we never check this and have only seen rare cases of the permissions going bad - and usually only because someone with 'nix skills thought that because OS X is a unix OS, they should go in and run a bunch of chmod commands across their Mac, basically messing things up.
I actually saw one case of someone that ran a recursive chown command from the top level of their HD to make their account the owner of everything - true story. I probably don't have to explain how badly that went for them.
Posted on 08-13-2015 08:43 AM
sorry i asked
I have seen over time that this number has increased.
I have been told by the support desk they have repaired permissions on various machines recently that was not recently rebuilt.
As i said before this was just a question to ask if anyone was checking this?
Posted on 08-13-2015 09:06 AM
Hey, I wasn't saying you shouldn't ask, so sorry if my comment came across that way. It just struck me a little odd that you might need to check on this since I don't get the impression most admins out there are doing any user level permissions checks. If you're seeing these stray over time, you may want to dig a little into what could be causing it since generally speaking it shouldn't really go that off track. Also, I would ascertain what the actual consequence of permissions being off actually are. For example, is it preventing users from saving files to their home directory? Or are there no actual side effects. Usually, if permissions aren't exactly how they should be, it doesn't cause any deleterious effects, but I can't speak for what you may be seeing.
Anyway, I realize my comment doesn't actually answer your question of is anyone doing this, other than that we are not doing anything like that.