I wrote: > Sanitise check $USER before checking it; you don't want > to trapped by someone setting USER to "`chmod a+w /etc/passwd`" My bad ... this is not a problem; merely getting the value of $USER will not execute it. Matt