#!/bin/sh

ROOT_UID=0      # Only users with $UID 0 have root privileges.
E_NOTROOT=67    # Non-root exit error.

# Run as root, of course.
if [ "$UID" -ne "$ROOT_UID" ]; then
  echo "Must be root to run this script."
  exit $E_NOTROOT
fi

# For each human user USER of the system, view the permissions of the user’s home directory:
#  ls -ld /home/USER
# Ensure that the directory is not group-writable and that it is not world-readable. If necessary, repair the
# permissions:
#  chmod g-w /home/USER
#  chmod o-rwx /home/USER
# User home directories contain many configuration files which affect the behavior of a user’s account. No user
# should ever have write permission to another user’s home directory. Group shared directories can be configured
# in subdirectories or elsewhere in the filesystem if they are needed. Typically, user home directories should not
# be world-readable. If a subset of users need read access to one another’s home directories, this can be provided
# using groups.

ls -ld /home/* | (cat <<EOF
This is an automated report of $0 on the server `hostname -s`.

ls -ld /home/*
EOF
cat
) | /bin/mail -s "[Ensure that User Home Directories are not Group-Writable or World-Readable]" root