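#!/bin/sh
###############################################################################
# roothome.sh
# By: William Favorite
#
# Purpose:
#   This script is designed to give the root user the same home directory
#   permissions enjoyed by all other users on the system. By default, on
#   AIX, the root user's home directory is /. As this directory is the
#   common root of all directories on the system, it cannot be secured like
#   an average user's home directory on the same system. This script moves
#   root's home directory to /root, where it can be secured and may house
#   "local" directories that are not likely to confuse users on the system,
#   as they cannot be seen by non-root users.
#
# Usage:
#   Run as root on AIX. Takes no arguments. Exits 0 on success and 1 on any
#   failed precondition or failed step.
#
###############################################################################

### Functions

# die MESSAGE
#   Print "ERROR: MESSAGE" on stderr and terminate the script with status 1.
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

# current_root_home
#   Print root's home directory as reported by lsuser. lsuser prints the
#   attribute as "root home=<dir>"; sed strips everything up to the "=".
current_root_home() {
  lsuser -a home root | sed -e 's/.*=//'
}

# safemove NAME
#   Move the regular file /NAME to /root/NAME unless something already
#   occupies the destination. Anything that is not a plain regular file is
#   left where it is.
#   Globals: FILENAME (written), MOVEDFILES (set to 1 after a successful move)
#   Returns: 0 when NAME is skipped because of its name or file type, 1
#            otherwise (historical; the caller ignores the status).
safemove() {
  FILENAME=$1

  # Directory self/parent entries can never be moved.
  case "${FILENAME}" in
    . | ..) return 0 ;;
  esac

  # Leave symlinks, devices, directories and FIFOs alone. The symlink test
  # matters: -f follows links, so without it a link to a regular file would
  # be treated as a regular file and relocated.
  if [ -L "/${FILENAME}" ] || [ -b "/${FILENAME}" ] ||
    [ -c "/${FILENAME}" ] || [ -d "/${FILENAME}" ] ||
    [ -p "/${FILENAME}" ]; then
    return 0
  fi

  # /unix is the kernel link on AIX; skip it by name even if the type tests
  # above would not catch it.
  if [ "${FILENAME}" = "unix" ]; then
    return 0
  fi

  # Move only when the destination name is completely free. Refusing an
  # existing file, directory or symlink keeps mv from overwriting data,
  # dropping the file inside a same-named directory, or writing through a
  # link. Both paths are absolute, so no "--" guard is needed for mv.
  if [ -f "/${FILENAME}" ] &&
    [ ! -f "/root/${FILENAME}" ] &&
    [ ! -d "/root/${FILENAME}" ] &&
    [ ! -L "/root/${FILENAME}" ]; then
    printf 'Moving %s...' "${FILENAME}"
    if mv "/${FILENAME}" "/root/${FILENAME}"; then
      # Ewwww, a global! - Seems like the easiest way to go.
      MOVEDFILES=1
      echo "Done."
    else
      # Report the failure and keep going with the remaining files.
      echo "Failed."
    fi
  fi

  return 1
}

### Set globals
# This determines if we will run chuser or not.
CHUSER=1
MOVEDFILES=0

### main()

### Check the OS
printf 'Determining where we are...'
# The case is designed to support multiple OS's. A possible future extension.
case "$(uname -s)" in
  AIX)
    echo "AIX."
    ;;
  *)
    echo "Unknown OS."
    die "OS not supported."
    ;;
esac

### Ensure that we are run as root
printf 'Checking id of user executing script...'
if [ "$(id -u)" -eq 0 ]; then
  echo "root."
else
  printf '%s.\n' "$(id -un)"
  die "You must be root to run this script."
fi

### Look for root's current home
printf "Determining root's current home..."
ROOT_HOME=$(current_root_home)
printf '%s.\n' "${ROOT_HOME}"

# If it is not / then it has been changed. Don't change again.
case "${ROOT_HOME}" in
  "/") CHUSER=1 ;;
  "/root") CHUSER=0 ;;
  *) die "Current home is not the expected value." ;;
esac

### Check for a /root directory
# NOTE(review): a pre-existing /root is accepted as-is. [ -d ] follows
# symlinks, and neither the owner/group nor any ACL on the directory is
# checked here; mode 750 only protects the contents if the directory itself
# belongs to root. Confirm with "ls -ld /root" before relying on it.
printf 'Checking for a /root directory...'
if [ -d /root ]; then
  echo "Found."
else
  echo "None."
  printf 'Creating a /root directory...'
  mkdir /root
  if [ -d /root ]; then
    echo "Done."
  else
    echo "Failed."
    die "Unable to create a /root directory."
  fi
fi

### Set proper permissions on /root
printf 'Setting proper permissions on /root...'
# We choose 750 so that regular users cannot read the contents
# of the root user's home. This is more consistent with other users'
# permissions on the system.
if chmod 750 /root; then
  echo "Done."
else
  # Do not point root's home at a directory whose mode could not be set.
  echo "Failed."
  exit 1
fi

### Only change root's home if it has not been done.
if [ "${CHUSER}" -eq 1 ]; then
  printf "Changing root's home..."
  chuser home=/root root
  # Trust the user database rather than chuser's exit status: re-read the
  # attribute and confirm it now says /root.
  if [ "$(current_root_home)" != "/root" ]; then
    echo "Failed."
    exit 1
  fi
  echo "Done."
fi

### Only move files if it has not been done.
if [ "${CHUSER}" -eq 1 ]; then
  MOVEDFILES=0
  # Glob instead of parsing ls output so names containing whitespace stay
  # intact. Like "ls /", the glob does not match dotfiles, so files such as
  # /.profile stay in / and have to be reviewed and moved by hand.
  for FILE in /*; do
    safemove "${FILE#/}"
  done

  if [ "${MOVEDFILES}" -eq 1 ]; then
    echo "NOTE: Some files were moved to the new root. It may be necessary to manually"
    echo "check for any remaining files."
  fi
fi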