User directories follow system directories in PATH (UNIX)

Module: User Files

The check reports users with user directory entries that are located before the system directory entries in their PATH variables. Use the check's name list to exclude or include users and user groups that are not already included or excluded by the Users to check option. Enable one, but not both, of the PATH (using su) or PATH (modifying startup script) options before executing this security check.

The following table lists the error message for the check.

Table: Error message for User directories follow system directories in PATH

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information


Category: System Error

UNIX (5438)

Title: User directory too early in path

Description:The named user has defined a path that puts a user directory before a system directory. This is a security problem if the user's current directory is set to a directory where other users have write access. The user can be "spoofed" when a common system command such as 'ls' is placed in that directory and executed instead of the system 'ls'. You should move the user directory to the end of the path where the PATH environment variable is set in the .login, .cshrc, or .profile script file for this user.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]