“You keep moving the goal posts.” No, I’m not doing that, and I’m not asking for help with sorting out my users.
I’m inviting suggestions for a script that will verify that all the users on an account have enhanced security set.
This won’t necessarily be useful for everyone, of course; as has been explained, some users need not to have enhanced security. But it should be useful for a large number of people.
Especially based on what we’ve seen here over the last few weeks. We’ve had even long-time experts admitting they got hacked recently because of something they did wrong years ago and never bothered to tidy up. In general it’s unrealistic to expect people to manually log in to each of their users and check things that could easily be checked automatically, if there were a script to do it.
I’m even ready to put in effort helping write such a script, but I’m definitely not the right person to do it as I have no experience in this area. I’ve tried a few approaches and they have problems. I could bring these to the forum and ask for suggestions, but before I do that, it would be better to see if any experts would like to provide reliable scripts and solve the problem for everyone. What I can do is try out people’s suggestions and see if they work correctly.
So as I mentioned, I tried your suggestion, “ssh into each of your users and ls -al | head -2”
… and found that it does not work correctly. Your assumption that it returns information about the user’s home directory breaks when the home directory contains files or directories preceding ‘.’ in collating sequence.
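The failure described in this post, reproduced on a constructed directory next to a check that reads the directory's own entry (an added example, not part of the original post). The function names are hypothetical, and treating "no access for other" as the property to verify is an assumption, since the thread does not state which mode the setting produces.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumption: the setting shows up as "no access for other" on the
# home directory itself; adjust other_locked to the mode you expect.

# naive_line DIR: second line of `ls -al`, the check quoted above.
# LC_ALL=C pins the collating order so the demo is repeatable.
naive_line() {
    ( cd "$1" && LC_ALL=C ls -al | head -2 | tail -1 )
}

# dir_perms DIR: permission string of DIR itself. -d lists the
# directory entry, so no sorting of its contents is involved.
dir_perms() {
    LC_ALL=C ls -ld -- "$1" | cut -c1-10
}

# other_locked DIR: succeeds when "other" has no r, w or x on DIR.
other_locked() {
    [ "$(dir_perms "$1" | cut -c8-10)" = "---" ]
}

# make_sample: constructed stand-in for a home directory, mode 750,
# holding one file whose name sorts before "." in the C locale.
make_sample() {
    s=$(mktemp -d) || return 1
    chmod 750 "$s"
    : > "$s/!notes"
    chmod 644 "$s/!notes"
    printf '%s\n' "$s"
}

d=$(make_sample)
echo "naive : $(naive_line "$d")"   # describes !notes, not the directory
echo "robust: $(dir_perms "$d")"
if other_locked "$d"; then echo "other: no access"; else echo "other: has access"; fi
rm -rf "$d"
```

To use it per user, run `dir_perms "$HOME"` in each user's session, for example over ssh.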