  1. #1
    Just Joined!
    Join Date
    May 2011
    Posts
    5

    identify those users who have forbidden files in their home directory

    Hello there,

    I have to create a script to identify those users who have unsanctioned (forbidden) files in their home directory.
    I tried something like this (this is a try and I need some opinions):

    Code:
    #!/bin/bash
    
    # Return 0 if user $1 belongs to group $2, 1 otherwise.
    user_belongs()
    {
        if groups "$1" | grep -qw "$2"
        then
            return 0
        else
            return 1
        fi
    }
    
    home_dir="/export/home/catalin"
    username="catalin"
    strOwner="owner"
    strUser="user"
    strGroup="group"
    strOther="other"
    strNoRights="---"
    
    for i in $(ls -F $home_dir)
    do
        #echo $i
        # Pull the permission strings and the owner/group names out of the ACL listing
        user_rights=`getfacl $i | grep $strUser | cut -d: -f3`
        group_rights=`getfacl $i | grep $strGroup | cut -d: -f4`
        other_rights=`getfacl $i | grep $strOther | cut -d: -f2`
        owner_file=`getfacl $i | grep $strOwner | cut -d: -f2`
        group_file=`getfacl $i | grep $strGroup | cut -d: -f2`
    
        # if [ "$username" != "$owner_file" ]; then
    
        if ! user_belongs "$username" "$group_file"; then
            echo "User $username doesn't belongs to group $group_file"
        else
            if [ "$group_rights" = "$strNoRights" ]; then
                echo "User $username belongs to group $group_file but has no rights"
            fi
        fi
    
        # other_file is not assigned anywhere in the part of the script shown
        if ! user_belongs "$username" "$other_file"; then
            echo "User $username doesn't belongs to other group $other_file"
        else
            if [ "$other_rights" = "$strNoRights" ]; then
                echo "User $username belongs to other $group_file group but has no rights"
            fi
        fi
    
        # ......
    
    done
    For a good understanding: I have a user "john" with the home directory /export/home/john, and there I have many files

    Code:
    -rwxrwxrwx   1 john     john         919 May 16 10:29 script.sh
    -rwx------       1 elvis     elvis         138 Mar 24 11:40 readme.txt
    As you see, john has no rights for readme.txt (the owner of it is elvis).
    This interests me.


    Thanks.
    Last edited by catalint; 05-16-2011 at 11:30 AM.

  2. #2
    Linux Newbie
    Join Date
    Nov 2008
    Location
    Tokyo, Japan
    Posts
    243
    Why not use "find" to gather facts instead?
    Code:
    # A file is OK if it is a plain file, not a directory (-type f),
    # its owner is correct (-user) and its permission bits are
    # acceptable (here: no write or execute bit for "other");
    # for an OK file, print nothing (-printf "").
    # Or else (-o) assume the file is "bad" and print its path
    # (which starts with "$userHome").
    find "$userHome" \
        -type f \
        -user "$userName" \
        ! -perm /o+wx \
        -printf "" \
      -o \
        -print \
      >>"$userName.unsanctioned-files.list"
    This is just an example, so you will need to refer to the "find" manual page to set up the correct find-tests -- I don't understand exactly what it is you consider to be "unsanctioned".

    Also, when using the "for i in $(ls -F); do ...; done" structure, the "for" loop breaks up values by whitespace. In your case, since you simply do "ls", and not "ls -l", it will be OK so long as none of the user's home directories have whitespace in their names. But in this case, I find it better to use this instead:
    Code:
    ls -F | while read i; do ...; done
    The "read" command takes whole lines (including white spaces) and stores each line into "i" on each loop, stopping at the end of input. The only problem is, everything in the while loop is executed in a sub-shell which means assigning variables will not be visible outside of the loop -- but that need not be a problem.
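
An added example, not code from either poster: one way to turn the `find` approach into a per-user audit that is safe for file names with whitespace and keeps its loop in the current shell by reading from a file instead of a pipe. The policy (flag entries not owned by the home's user, or writable by "other"), the function names, and the passwd-format input file are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. Assumed policy (the thread never defines "unsanctioned"):
# an entry under a home directory is flagged when it is not owned by the
# home's user, or when it is writable by "other".

# scan HOME OWNER FIND-ACTION...   (hypothetical helper)
# On Linux a symbolic link always shows mode 777, so links are exempt
# from the permission test but still subject to the ownership test.
scan() {
    scan_dir=$1 scan_owner=$2
    shift 2
    find "$scan_dir" \
        \( ! -user "$scan_owner" -o \( ! -type l -perm -0002 \) \) "$@"
}

# One flagged path per line, for a human to read.
list_unsanctioned() { scan "$1" "$2" -print; }

# Number of flagged entries. One byte is emitted per hit, so the count
# stays correct even when a file name contains spaces or newlines.
count_unsanctioned() {
    scan "$1" "$2" -exec printf x \; | wc -c | tr -d ' '
}

# report_users PASSWD_FILE
# Reads passwd(5)-format lines and prints "name count" for every user
# whose home holds at least one flagged entry. The loop is fed by a
# redirect, not a pipe, so it does not run in a sub-shell.
report_users() {
    while IFS=: read -r name _pw uid _gid _gecos home _shell; do
        [ -d "$home" ] || continue          # skip accounts without a home
        hits=$(count_unsanctioned "$home" "$uid")
        if [ "$hits" -gt 0 ]; then
            printf '%s %s\n' "$name" "$hits"
        fi
    done < "$1"
}

# Stand-alone use: sh audit.sh --scan /path/to/passwd-format-file
if [ "${1:-}" = "--scan" ] && [ -n "${2:-}" ]; then
    report_users "$2"
fi
```

Reading other users' home directories generally requires root; without it, `find` reports permission errors for the parts it cannot traverse and those parts go uncounted.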
