How to verify all user home directories are writable only by their owner

  1. The problem statement, all variables and given/known data:
    Need to verify that all user home directories are writable only by their owner on Solaris. The script posted below is workable but it is taking a long time to display the results, and I don't seem to be able to fix it or find any alternative way to do it.

  2. Relevant commands, code, scripts, algorithms:
    My friend says it's the `su - $i -c "ls -ld" 2> /dev/null | grep ^d | awk '{print $1}'` part that is causing the problem but he's not sure what to do either.

  3. The attempts at a solution (include all code and scripts):

```bash
#!/usr/bin/bash
clear
echo " Verifying if user home directories are writable only by their owner"
echo

TEMPFILE=/permgrep.txt
TEMPFILE2=/namegrep.txt
accno=0
h=1
no=1
Ps=0
Fs=0

if [ ! -f ${TEMPFILE} ]
then
    touch ${TEMPFILE}
fi

if [ ! -f ${TEMPFILE2} ]
then
    touch ${TEMPFILE2}
fi

ACCOUNTS=`cat /etc/passwd | awk -F: '{print $1}'`
array=($ACCOUNTS)

for i in "${array[@]}"
do
    let "accno += 1"
    PRINTER=`su - $i -c "ls -ld" 2> /dev/null | grep ^d | awk '{print $1}'`
    if [ -n "$PRINTER" ]
    then
        echo $PRINTER >> $TEMPFILE
        echo $i >> $TEMPFILE2
    fi
done

echo

for line in $(cat /permgrep.txt)
do

    READTF2=`head -$h /namegrep.txt | tail -1`

    if [ $line == 'drwxr-xr-x' ]
    then
        echo $no"-"$READTF2": PASS"
        let "h += 1"
        let "Ps += 1"

    else
        echo $no"-"$READTF2": FAIL"
        let "h += 1"
        let "Fs += 1"
    fi

    let "no += 1"

done

nohodi=`expr $accno - $Ps - $Fs`

echo "   Total user accounts: "$accno
echo "   Pass: "$Ps
echo "   Fail: "$Fs
echo "   no home directory : "$nohodi

rm /namegrep.txt
rm /permgrep.txt
```

  4. School (University) and Course Number:
    TP, COH

I don't know...
Were you asked to do such a laborious script for such a simple question?
Why use su? No need for checking perms on directories unless you have trick ones where others is set to ---... is it the case? (if so you only need to execute your script as root...)
Usually all users with home directories are in ~/home/ often in Solaris /export/home...
Why not start here by reading the names of the directories and use that for your tests:
1) does it belong to the user
2) is perms set correctly...

Hint 1: in both bash and ksh, ~user expands to that user's home directory.
Hint 2: ls -ld will give a long listing of a directory instead of its contents.
Hint 3: you can extract the relevant information (rights, owner, group, and the full path (if needed)) using an awk one-liner.
Hint 4: The line

if [ $line == 'drwxr-xr-x' ]

will fail if the group and/or others don't have those exact rights on the directory

Hi guys, thanks for the replies. I wasn't told to write a script that long. I know it's redundant, but this is the only way I know how to... The requirement is to just get the script to check the perms on all users' home directories and display if they are only writable by their owners. The script actually works OK, but the problem is it just takes too long to run and I was told to find another way, which I have no idea how to. So I'm kinda stuck here. =(

Look at this bit of code (the best would be that you use it and see its output...) and see if inspiration comes, it should with the Hints given to you...

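```sh
#!/usr/bin/sh
# Read each account name and its home directory (field 6) from /etc/passwd.
# ~$USER is not tilde-expanded when the name comes from a variable, and "ll"
# is only an interactive alias, so use the passwd field and plain ls instead.
awk -F: '{print $1, $6}' /etc/passwd | while read USER HOMEDIR
do
 DATA=$(ls -ld "$HOMEDIR")
 F1=$(echo $DATA| awk '{print $1}')   # permission string
 echo DATA=$DATA
 echo F1=$F1
 F2=$(echo $DATA| awk '{print $3}')   # owner
 echo F2=$F2
 # etc...
 # if [
 #
 #...
 #fi
done
```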

Let's not forget the "find" command which can match on partial permissions of a file or directory.
This example is not a solution to the question but illustrates how to search for the bad directories (i.e. those writeable by group or other).
It does not check that the owner of the home directory has write permissions or whether the directory exists.
It uses "listusers" to generate the initial list of users to avoid pointlessly searching system directories.

```sh
# Generate list of non-system users
listusers | awk '{print $1}' | while read USERNAME
do
        # Extract home directory from /etc/passwd
        USERHOME=`grep \^${USERNAME}: /etc/passwd | awk -F: '{print $6}'`
        # Search home for directories writeable by group or other
        find ${USERHOME}/ -type d \( -perm -000020 -o -perm -000002 \) -exec ls -ald {} \;
done
```
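
The check the replies point toward, as an added example that is not part of the original thread: it takes the UID and home directory straight from the passwd fields and tests the mode bits with `find`, so no `su` login is started per account. The function name `audit_homes`, the status labels and the scratch data at the bottom are assumptions made for this illustration.

```shell
#!/bin/sh
# audit_homes [passwd_file]: print "<user> <STATUS> <home>" for every entry.
# Hypothetical helper written for this example; defaults to /etc/passwd.
audit_homes() {
    passwd_file=${1:-/etc/passwd}
    while IFS=: read -r name _pw uid _gid _gecos home _shell
    do
        [ -n "$name" ] || continue
        # "$home/." makes find examine the directory itself even when the
        # passwd entry points at a symlink; -prune stops it descending.
        if [ -z "$home" ] || [ ! -d "$home" ]; then
            status=NOHOME        # field empty, path missing or not a directory
        elif [ -z "$(find "$home/." -prune -user "$uid")" ]; then
            status=WRONGOWNER    # not owned by the account's UID
        elif [ -n "$(find "$home/." -prune \( -perm -020 -o -perm -002 \))" ]; then
            status=FAIL          # group or other has the write bit
        elif [ -z "$(find "$home/." -prune -perm -200)" ]; then
            status=NOWRITE       # even the owner lacks the write bit
        else
            status=PASS
        fi
        echo "$name $status $home"
    done < "$passwd_file"
}

# Demo on constructed data: a scratch tree and a passwd-format file whose
# entries all use the current UID (names and paths are made up).
demo=$(mktemp -d)
me=$(id -u)
mkdir "$demo/alice" "$demo/bob"
chmod 755 "$demo/alice"
chmod 775 "$demo/bob"
printf '%s\n' \
    "alice:x:$me:1::$demo/alice:/bin/sh" \
    "bob:x:$me:1::$demo/bob:/bin/sh" \
    "carol:x:$me:1::$demo/missing:/bin/sh" > "$demo/passwd"
audit_homes "$demo/passwd"
rm -rf "$demo"
```

Run against the real `/etc/passwd`, system accounts that share `/` or another root-owned directory as their home will show up as WRONGOWNER, so filter the list first (for example with `listusers`, as in the post above).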

Completely unacceptable.

Must provide full university name, city, state, country, professor and course number.

No exceptions.