$HOME can be unset. Therefore tilde ~ is the solution. (source: https://www.gnu.org/software/bash/manual/html_node/Tilde-Expansion.html)

Here are my two solutions

HOME="$(cd ~ && pwd)"

and

HOME="$(cd ~ && ${PWD})"

Which should I use? pwd or ${PWD}? Or do you have an other/better solution?

CodePudding user response：

If "bulletproof" means reliably giving the system's idea of the user's home directory, and does not cover the user attempting to stymie this, then for bash you just need to do:

unset HOME
HOME=~

This is because, from reading the bash source code (in particular, the file shell.c), it looks like when HOME is unset, the value of ~ is generally taken directly from the pw_dir field of the entry returned by calling getpwuid on the uid obtained by calling getuid.

It's probably not possible to fully protect against nefarious actions by the caller of your code.

CodePudding user response：

Perhaps something like this would be reasonable bulletproof

HOME=$(/usr/bin/getent passwd $EUID | /usr/bin/cut -d: -f6)

edit 1

As @Shawn mentioned, we can use EUID which is read-only.

edit 2

as @Fravadona noticed, getent is not available on macOS, then either you can write some small C program or even use python (python 2.7 which is still the default on macOS mid-2022)

HOME=$(/usr/bin/python -c 'from __future__ import print_function; import os; import pwd; print(pwd.getpwuid(os.getuid()).pw_dir)')