#!/bin/sh

ROOT_UID=0      # Only users with $UID 0 have root privileges.
E_NOTROOT=67    # Non-root exit error.

# Run as root, of course.
if [ "$UID" -ne "$ROOT_UID" ]; then
  echo "Must be root to run this script."
  exit $E_NOTROOT
fi

# Locate any directories in local partitions which are world-writable and do not have their sticky bits set. The
# following command will discover and print these. Run it once for each local partition PART:
#  find PART -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print

# If this command produces any output, fix each reported directory /dir using the command:
# chmod +t /dir

# When the so-called “sticky bit” is set on a directory, only the owner of a given file may remove that file from the
# directory. Without the sticky bit, any user with write access to a directory may remove any file in the directory.
# Setting the sticky bit prevents users from removing each other’s files. In cases where there is no reason for a
# directory to be world-writable, a better solution is to remove that permission rather than to set the sticky bit.
# However, if a directory is used by a particular application, consult that application’s documentation instead of
# blindly changing modes.

find / -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print | (cat <<EOF
This is an automated report of $0 on the server `hostname -s`.

find / -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print
EOF
cat
) | /bin/mail -s "[Verify that All World-Writable Directories Have Sticky Bits Set]" root