Skip to content

6.2.11 Ensure local interactive user home directories exist

Audit#

Run the following script to verify all local interactive user home directories exist: 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
#!/usr/bin/env bash

{
 output=""
 valid_shells="^($( sed -rn '/^\//{s,/,\\\\/,g;p}' /etc/shells | paste -s -d '|' - ))$"
 awk -v pat="$valid_shells" -F: '$(NF) ~ pat { print $1 " " $(NF-1) }' /etc/passwd | (while read -r user home; do
 [ ! -d "$home" ] && output="$output\n - User \"$user\" home directory \"$home\" doesn't exist"
 done
 if [ -z "$output" ]; then
 echo -e "\n-PASSED: - All local interactive users have a home directory\n"
 else
 echo -e "\n- FAILED:\n$output\n"
 fi
 )
}

Remediation#

If any users' home directories do not exist, create them and make sure the respective user owns the directory. Users without an assigned home directory should be removed or assigned a home directory as appropriate.

The following script will create a home directory for users with an interactive shell whose home directory doesn't exist: 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
#!/usr/bin/env bash

{
 valid_shells="^($( sed -rn '/^\//{s,/,\\\\/,g;p}' /etc/shells | paste -s -d '|' - ))$"
 awk -v pat="$valid_shells" -F: '$(NF) ~ pat { print $1 " " $(NF-1) }' /etc/passwd | while read -r user home; do
 if [ ! -d "$home" ]; then
 echo -e "\n- User \"$user\" home directory \"$home\" doesn't exist\n- creating home directory \"$home\"\n"
 mkdir "$home"
 chmod g-w,o-wrx "$home"
 chown "$user" "$home"
 fi
 done
}