X-Git-Url: https://git.distorted.org.uk/~mdw/checkpath/blobdiff_plain/4a1f00c41d56ea1656232622bf55f856c218a0e2..fffc1e8c9a4e3beb27ca439bd873759e0f00e0b8:/chkpath.1 diff --git a/chkpath.1 b/chkpath.1 index 313f0a8..181cc09 100644 --- a/chkpath.1 +++ b/chkpath.1 @@ -1,9 +1,12 @@ +.\" -*-nroff-*- .TH chkpath 1 "6 April 1999" "Local tools" .SH NAME chkpath \- check a path string for security .SH SYNOPSIS .B chkpath .RB [ \-vqstp ] +.RB [ \-g +.IR group ] .RI [ path ...] .SH USAGE The @@ -14,7 +17,7 @@ value of the .B PATH environment variable is examined. .PP -Each directory in turn is broken into its consitituent parts and every +Each directory in turn is broken into its constituent parts and every step which must be made through the filesystem to reach that directory from the root is scrutinized for vulnerabilities. The checks made against each directory and symbolic link along the way are as follows: @@ -36,7 +39,7 @@ The author is not aware of any weaknesses in this ruleset. The objective is that nobody other than the user and the superuser should be able to add or change the set of files available within the directories of the path(s). -.SS OPTIONS +.SS Options The following command line options are available: .TP .B "\-h, \-\-help" @@ -45,7 +48,7 @@ Displays a relatively verbose message describing how to use .TP .B "\-V, \-\-version" Displays -.BR chkpath 's +.BR chkpath 's version number. .TP .B "\-u, \-\-usage" @@ -59,6 +62,19 @@ effect, so put more in for more verbosity. Note that verbose doesn't mean the same as interesting. The default is to report problems with directories and system errors. .TP +.B "\-g, \-\-group " group +Consider members of +.I group +to be trustworthy: +.B chkpath +won't warn about a directory being group-writable if its gid matches +.IR group . +The +.I group +may be a group name (looked up in +.BR /etc/group ) +or a numeric gid in decimal. +.TP .B "\-q, \-\-quiet" Makes .B chkpath @@ -84,7 +100,7 @@ Modifies the ruleset slightly so that .B chkpath doesn't warn about directories group-owned by groups you're a member of. In other words, it trusts your fellow group-members -.IR "in their capacity as group-owners only" . +.IR "in their capacity as group-owners only" : .B chkpath will still warn about directories owned by people in your groups. .TP @@ -105,6 +121,7 @@ PATH=`chkpath -qqp` .SH BUGS None known. .SH SEE ALSO -.BR tmpdir (1). +.BR tmpdir (1), +.BR checkpath (3). .SH AUTHOR Mark Wooding (mdw@nsict.org).