olemd/bash.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Initial commit: modular bash configuration

Browse source 
Reinitialised repo to purge credential history.
Credential files are now gitignored with .example templates.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Ole-Morten Duesund 2026-03-06 11:57:24 +01:00
commit 4cfec0b336
22 changed files with 364 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

19
00-credential-guard Executable file
View file

@ -0,0 +1,19 @@
# shellcheck shell=bash
# Helper to warn if a credential file has loose permissions
# require_private <file>
# Emits a warning to stderr if the file is group- or world-readable.
require_private() {
local file="$1"
[[ -f "$file" ]] || return 0
local perms
perms=$(stat -c %a "$file" 2>/dev/null) || {
echo "bash.d: WARNING: cannot check permissions on $file (stat failed)" >&2
return 1
}
# Check that group and other bits are both zero (e.g., 600, 700)
# Uses arithmetic on octal value to handle both 3- and 4-digit modes
if (( (8#$perms) & 8#077 )); then
echo "bash.d: WARNING: $file is group/world-accessible (mode $perms). Run: chmod 600 $file" >&2
fi
}