- 11-22-2012 #1 Just Joined!
- Join Date
- Nov 2012
- Posts
- 6
List user access
Hi, I'm currently new to system administration. I was asked to do a task to provide the list of all users in the server and provide the level of access (permissions - Read/Write) for each user on different folders. I know where I can get the list of all the users, which is in /etc/passwd, but my problem is how to know which directories and files these users have access to. Is there a command for this or do I need to create a script? I'm not really good at shell scripting. Please help me. Thanks.
- 11-27-2012 #2 Just Joined!
- Join Date
- Oct 2012
- Posts
- 18
Not sure if this will help... Try modifying this find command. Perm 040 here means only read permission to group and the output should have file owner info
# find . -perm 040 -type f -exec ls -l {} \;
- 12-04-2012 #3
Hello,
I hope this will help:
The permissions are set in each file and folder from the filesystem.
If you run the "ls -l" command the output will be something like this:
-rw-r--r-- 1 user1 group2 Dec 04 2012 file
Where:
user1 - is the file owner (username)
group2 - is the group access for this file (any member in that group will access the files accordingly)
The first - is the file type (- for file, d for directory, l for link)
The next 3 characters rw- represents the permissions for the user (user1 in our example)
The next 3 characters r-- represents the permissions for the entire group (group2 in our example)
And the other 3 r-- represents the permissions for others (not user1 and not a member of group2, in our example)
rwx = read, write, execute | if not available - denies access
For the same example:
-rw-r--r-- 1 user1 group2 Dec 04 2012 file
user1 can read and modify the file
members of group2 can only read the file
the same for others, they can only read the file
none can execute
The same goes for directories:
r - can access the directory
w - can modify files inside
x - can access the files inside
I think you have a difficult task there because you need to view the file permissions for all files and folders as seen by the user.
For more information read Linux file permissions
I never heard of any command/script that can help you with this task, but others may know.
Cheers,
Srj
- 12-04-2012 #4 Linux Newbie
- Join Date
- Jun 2012
- Location
- SF Bay area
- Posts
- 101
I think the first thing you'll need to do is figure out what subset of directories (folders) are of interest. A comprehensive list of all directories each user has read access to, and another list of all the directories they can write to, would be unwieldy. For instance, I just ran a check and there are 92,156 directories on the "/" filesystem on my Ubuntu system. Even if the system you're working on has a lot less than that, a report, CSV or a database showing which subset each user can read and read/write would be difficult to use.
I suspect the people you're working with are concerned with user access to specific data, meaning not the system directories themselves. If you can narrow the focus to certain parts of the filesystems, then it is much easier to generate data they can use.
Also, when checking to see if a user can read, write or execute (which means "search" for a directory) a file as described by srj, keep in mind that a user may be able to switch to another group. So you can't just go by the UID and GID in their /etc/passwd entry. You should check /etc/group to see if the user is authorized to switch to another group. If their login is listed at the end of a line, meaning after the last ":" in the file, then they are allowed to become that group. So any parts of the filesystem which allow that group access are available to that user, even though they have a different GID in the /etc/passwd file.


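The following POSIX shell script is an added example, not something posted in the thread: it applies the owner/group/other triples explained in post #3 and the /etc/group memberships raised in post #4 to report one user's access to a chosen set of paths. The function names and the user and paths in the usage comment are hypothetical; it assumes Linux with GNU stat and evaluates classic mode bits only (no ACLs, no root bypass, no check of parent directories).

```shell
#!/bin/sh
# Added example, not from the thread. Limits (assumptions):
#  - classic mode bits only; POSIX ACLs (getfacl) are not evaluated
#  - UID 0 bypasses these checks and is not special-cased
#  - reaching a path also needs x (search) on every parent directory

# effective_perms MODE OWNER_UID OWNER_GID USER_UID "USER_GIDS"
# Prints the rwx triple that applies to the user. Only the first matching
# class counts: owner, else group (primary or supplementary), else other.
effective_perms() (
    m=$((0$1)) fuid=$2 fgid=$3 uid=$4 gids=$5   # MODE is octal, e.g. 750 or 2775
    bits=$(( $m & 7 ))                          # default: "other" class
    for g in $gids; do
        if [ "$g" = "$fgid" ]; then bits=$(( ($m >> 3) & 7 )); fi
    done
    # Owner class wins even when it grants less than the group class.
    if [ "$uid" = "$fuid" ]; then bits=$(( ($m >> 6) & 7 )); fi
    if [ $(( bits & 4 )) -ne 0 ]; then out=r; else out=-; fi
    if [ $(( bits & 2 )) -ne 0 ]; then out=${out}w; else out=${out}-; fi
    if [ $(( bits & 1 )) -ne 0 ]; then out=${out}x; else out=${out}-; fi
    printf '%s\n' "$out"
)

# access_report USER PATH...: prints "USER PERMS PATH" for each path.
# Uses id(1) for the user's groups and GNU stat(1) -c for mode and ownership.
access_report() (
    user=$1; shift
    uid=$(id -u "$user") || exit 1
    gids=$(id -G "$user")   # primary GID plus every group that lists the user
    for p in "$@"; do
        st=$(stat -c '%a %u %g' -- "$p") || continue
        # $st is left unquoted on purpose: it splits into MODE UID GID.
        printf '%s %s %s\n' "$user" "$(effective_perms $st "$uid" "$gids")" "$p"
    done
)

# Usage (hypothetical user and paths): sh access_report.sh alice /srv/data /srv/reports
if [ "$#" -ge 2 ]; then access_report "$@"; fi
```

To cover every account, loop over the names in /etc/passwd and pass the same short list of directories each time, which keeps the report to the subset post #4 recommends.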
