How to verify all user home directories are writable only by their owner

 
# 1  
Old 11-05-2009

1. The problem statement, all variables and given/known data:
Need to verify that all user home directories are writable only by their owner on Solaris. The script posted below is workable but it is taking a long time to display the results, and I don't seem to be able to fix it or find any alternative way to do it.

2. Relevant commands, code, scripts, algorithms:

My friend says it's the `su - $i -c "ls -ld" 2> /dev/null | grep ^d | awk '{print $1}'` part that is causing the problem but he's not sure what to do either.

3. The attempts at a solution (include all code and scripts):

Code:
#!/usr/bin/bash
clear
echo " Verifying if user home directories are writable only by their owner"
echo

# Scratch files: permission strings in one, the matching account names in the other
TEMPFILE=/permgrep.txt
TEMPFILE2=/namegrep.txt
accno=0
h=1
no=1
Ps=0
Fs=0

if [ ! -f ${TEMPFILE} ]
then
    touch ${TEMPFILE}
fi

if [ ! -f ${TEMPFILE2} ]
then
    touch ${TEMPFILE2}
fi

ACCOUNTS=`cat /etc/passwd | awk -F: '{print $1}'`
array=($ACCOUNTS)

# Start a login shell as each account and list its home directory
for i in "${array[@]}"
do
    let "accno += 1"
    PRINTER=`su - $i -c "ls -ld" 2> /dev/null | grep ^d | awk '{print $1}'`
    if [ -n "$PRINTER" ]
    then
        echo $PRINTER >> $TEMPFILE
        echo $i >> $TEMPFILE2
    fi
done

echo

# Walk the collected permission strings; $h selects the matching name line
for line in $(cat /permgrep.txt)
do

    READTF2=`head -$h /namegrep.txt | tail -1`

    if [ $line == 'drwxr-xr-x' ]
    then
        echo $no"-"$READTF2": PASS"
        let "h += 1"
        let "Ps += 1"

    else
        echo $no"-"$READTF2": FAIL"
        let "h += 1"
        let "Fs += 1"
    fi

    let "no += 1"

done

# Accounts that produced no directory listing at all
nohodi=`expr $accno - $Ps - $Fs`

echo "   Total user accounts: "$accno
echo "   Pass: "$Ps
echo "   Fail: "$Fs
echo "   no home directory : "$nohodi

rm /namegrep.txt
rm /permgrep.txt

4. School (University) and Course Number:
TP, COH

Last edited by DukeNuke2; 11-05-2009 at 05:09 AM.. Reason: please use code tags...
# 2  
Old 11-05-2009
I don't know...
Were you asked to do such a laborious script for such a simple question?
Why use su? No need for checking perms on directories unless you have trick ones where others is set to ---... is it the case? (if so you only need to execute your script as root...)
Usually all users with home directories are in ~/home/ often in Solaris /export/home...
Why not start here by reading the names of the directories and use that for your tests:
1) does it belong to the user
2) is perms set correctly...
# 3  
Old 11-05-2009
Hint 1: in both bash and ksh, ~user expands to that user's home directory.
Hint 2: ls -ld will give a long listing of a directory instead of its contents.
Hint 3: you can extract the relevant information (rights, owner, group, and the full path (if needed)) using an awk one-liner.
Hint 4: The line
Code:
if [ $line == 'drwxr-xr-x' ]

will fail if the group and/or others don't have those exact rights on the directory.
# 4  
Old 11-05-2009
Hi guys, thanks for the replies. I wasn't told to write a script that long. I know it's redundant, but this is the only way I know how to... The requirement is to just get the script to check the perms on all users' home directories and display if they are only writable by their owners. The script actually works OK, but the problem is it just takes too long to run and I was told to find another way, which I have no idea how to. So I'm kinda stuck here. =(

Last edited by NuuBe; 11-05-2009 at 10:52 AM..
# 5  
Old 11-05-2009
Look at this bit of code (the best would be that you use it and see its output...) and see if inspiration comes, it should with the Hints given to you...
Code:
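#!/usr/bin/ksh
# $(...) needs ksh or bash rather than the Bourne shell.
# ~$USER is not expanded when the name is held in a variable, so the
# home directory is taken from field 6 of /etc/passwd instead.
awk -F: '{print $1, $6}' /etc/passwd | while read USERNAME HOMEDIR
do
 # Long listing of the directory itself, not its contents
 DATA=$(ls -ld "$HOMEDIR")
 # Field 1 of the listing is the permission string
 F1=$(echo $DATA| awk '{print $1}')
 echo DATA=$DATA
 echo F1=$F1
 # Field 3 of the listing is the owner
 F2=$(echo $DATA| awk '{print $3}')
 echo F2=$F2
 # etc...
 # if [
 #
 #...
 #fi
done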

# 6  
Old 11-05-2009
Let's not forget the "find" command which can match on partial permissions of a file or directory.
This example is not a solution to the question but illustrates how to search for the bad directories (i.e. those writeable by group or other).
It does not check that the owner of the home directory has write permissions or whether the directory exists.
It uses "listusers" to generate the initial list of users to avoid pointlessly searching system directories.


Code:
# Generate list of non-system users
listusers | awk '{print $1}' | while read USERNAME
do
        # Extract home directory from /etc/passwd
        USERHOME=`grep \^${USERNAME}: /etc/passwd | awk -F: '{print $6}'`
        # Search home for directories writeable by group or other
        find ${USERHOME}/ -type d \( -perm -000020 -o -perm -000002 \) -exec ls -ald {} \;
done
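
The approach the replies point toward, written out as an added example that is not part of any post in this thread: take each home directory from field 6 of the passwd file and test only the group and other write bits, instead of starting a login shell with su for every account. The function names, the status strings and the demo accounts (alice, bob, carol) are made up for this example, and it assumes bash or ksh.

```shell
# Added example (not from the thread): read the passwd file once and inspect
# each home directory with a single ls -ldn; no su, no temporary files.

# check_home UID DIR  ->  prints PASS, NOHOME or FAIL:<reason>
check_home() {
    uid=$1 dir=$2
    [ -d "$dir" ] || { echo "NOHOME"; return 0; }
    # -n lists the numeric owner, which compares directly with passwd field 3
    info=$(ls -ldn "$dir" | awk '{print $1, $3}')
    perms=${info%% *} owner=${info##* }
    if [ "$owner" != "$uid" ]; then
        echo "FAIL:not-owned-by-user"
        return 0
    fi
    # Test only the write bits (characters 6 and 9 of drwxrwxrwx) instead of
    # comparing the whole mode string, so 700 and 750 pass as well as 755.
    case $perms in
        ?????w*|????????w*) echo "FAIL:group-or-other-writable" ;;
        ??w*)               echo "PASS" ;;
        *)                  echo "FAIL:owner-cannot-write" ;;
    esac
}

# audit_homes PASSWD_FILE  ->  one "user:home:result" line per account
audit_homes() {
    while IFS=: read -r name _ uid _ _ home _; do
        [ -n "$name" ] || continue
        echo "$name:$home:$(check_home "$uid" "$home")"
    done < "$1"
}

# Constructed sample: throwaway "home" directories and a passwd-format file
demo() {
    tmp=$(mktemp -d) me=$(id -u)
    mkdir "$tmp/alice" "$tmp/bob"
    chmod 750 "$tmp/alice"; chmod 775 "$tmp/bob"
    printf '%s\n' "alice:x:$me:10::$tmp/alice:/bin/sh" \
        "bob:x:$me:10::$tmp/bob:/bin/sh" \
        "carol:x:$me:10::$tmp/missing:/bin/sh" > "$tmp/passwd"
    audit_homes "$tmp/passwd"
    rm -rf "$tmp"
}

# With an argument, audit that file (e.g. /etc/passwd); otherwise run the demo
if [ "$#" -gt 0 ]; then audit_homes "$1"; else demo; fi
```

Run as root against /etc/passwd it also reports system accounts, whose home directories are often / or owned by root, so those lines need reading with that in mind.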

# 7  
Old 11-05-2009
Quote:
Originally Posted by NuuBe
4. School (University) and Course Number:
TP, COH
Completely unacceptable.

Must provide full university name, city, state, country, professor and course number.

No exceptions.