+.\" -*-nroff-*-
.TH chkpath 1 "6 April 1999" "Local tools"
.SH NAME
chkpath \- check a path string for security
.B PATH
environment variable is examined.
.PP
-Each directory in turn is broken into its consitituent parts and every
+Each directory in turn is broken into its constituent parts and every
step which must be made through the filesystem to reach that directory
from the root is scrutinized for vulnerabilities. The checks made
against each directory and symbolic link along the way are as follows:
-.IP 1.
+.IP " 1."
No step should be a directory which is world-writable unless its sticky
bit is set, and it's not the final step.
-.IP 2.
+.IP " 2."
No step should be a directory which is group-writable unless its sticky
bit is set, and it's not the final step. (However, see the
.B \-t
option below.)
-.IP 3.
+.IP " 3."
No step should be a directory owned by another user (other than root).
-.IP 4.
+.IP " 4."
No step should be a symbolic link inside a sticky directory and owned by
another user.
.PP
objective is that nobody other than the user and the superuser should be
able to add or change the set of files available within the directories
of the path(s).
-.SS OPTIONS
+.SS Options
The following command line options are available:
.TP
.B "\-h, \-\-help"
.TP
.B "\-V, \-\-version"
Displays
-.BR chkpath 's
+.BR chkpath 's
version number.
.TP
.B "\-u, \-\-usage"
.B chkpath
doesn't warn about directories group-owned by groups you're a member
of. In other words, it trusts your fellow group-members
-.IR "in their capacity as group-owners only" .
+.IR "in their capacity as group-owners only" :
.B chkpath
will still warn about directories owned by people in your groups.
.TP
.SH BUGS
None known.
.SH SEE ALSO
-.BR tmpdir (1).
+.BR tmpdir (1),
+.BR checkpath (3).
.SH AUTHOR
Mark Wooding (mdw@nsict.org).