If the script is being run as root, then there should be some way to ensure that the shared config has not been tampered with. A simple method would be to require that any file the script acts on has a signature, made by an authorised key, covering the file or link.
The signature files can be stored alongside the files with a special file extension and should be ignored when initialising the files. If a flag or environment variable is set (possibly defaulting to true if being run as root) then signatures should be verified before acting on the file.
The authorised keys used for verification should be stored outside of the synchronised configuration, so that anyone able to modify the synchronised files cannot also change which keys are trusted.
An interactive command line utility can be provided to assist with verifying and signing any files that have changed. The utility would verify files and then prompt the user to view and verify any files that have changed before allowing them to sign them.
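
The verification gate described above, written as an added POSIX shell example (not code from the project). It assumes OpenSSL detached signatures with a `.sig` suffix, PEM public keys in a directory named by `AUTH_KEYS_DIR`, and a `VERIFY_SIGNATURES` override variable; all of these names are hypothetical.

```shell
#!/bin/sh
# Added example; every name here is hypothetical, not the project's own.
SIG_EXT=".sig"                                          # assumed signature suffix
AUTH_KEYS_DIR="${AUTH_KEYS_DIR:-/etc/confsync/keys.d}"  # assumed key location

# Verification defaults to on for root; VERIFY_SIGNATURES=1|0 overrides.
verify_enabled() {
    if [ -n "${VERIFY_SIGNATURES:-}" ]; then
        [ "$VERIFY_SIGNATURES" = "1" ]
    else
        [ "$(id -u)" -eq 0 ]
    fi
}

# Fail if the key directory sits inside the synchronised tree "$1".
keys_outside_tree() {
    tree=$(cd "$1" && pwd -P) || return 1
    keys=$(cd "$AUTH_KEYS_DIR" && pwd -P) || return 1
    case "$keys/" in "$tree"/*) return 1 ;; esac
}

# Signed bytes: file content, or for a symlink the target path it names.
signed_payload() {
    if [ -L "$1" ]; then readlink "$1"; else cat "$1"; fi
}

# Key holder's side: sign "$2" with private key "$1" after reviewing it.
sign_file() {
    signed_payload "$2" | openssl dgst -sha256 -sign "$1" -out "$2$SIG_EXT"
}

# Succeeds if any authorised public key verifies "$1" against "$1.sig".
verify_file() {
    [ -f "$1$SIG_EXT" ] || return 1
    for key in "$AUTH_KEYS_DIR"/*.pem; do
        [ -f "$key" ] || continue
        signed_payload "$1" |
            openssl dgst -sha256 -verify "$key" -signature "$1$SIG_EXT" \
                >/dev/null 2>&1 && return 0
    done
    return 1
}

# Gate before acting on a path: skip signature files, otherwise fail closed.
should_act_on() {
    case "$1" in *"$SIG_EXT") return 1 ;; esac
    verify_enabled || return 0
    verify_file "$1"
}
```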