awk/gawk/sed - read lines from file1, comment out or delete matching lines in file2

rascal84 · 05-23-2006, 08:26 PM

So here's what I'm up to. Feel free to give me other solutions or just point me in the right direction.

Please don't just send me to the man pages. I have already read them, but my understanding of programming / scripting isn't up to snuff. I'm working on that.

I want to restrict ftp users on a system that I'm running without having to manually add them to a restricted list, so my solution is to create a list of all users on the system and output the list to the denied ftp users file.

############
names.awk
1 BEGIN {
2 FS=":"
3 }
4 {
5 print $1
6 }
############
gawk -f names.awk /etc/passwd |sort -o /etc/ftpusers
############

After that I manually vi the ftpusers file and comment out or delete the users that are ALLOWED to login.

What I would like to do is create a file with ALLOWED users:

############
user1
user2
user3
user4
############

and check the ftpusers file against the allowedusers file, commenting out or deleting any lines that match.

############
adm
apache
bin
#user1
#user2
#user3
#user4
nobody
mail
postfix
etc...
############

I tried reaching my goal - denying all ftp access except allowed list - by changing the /etc/pam.d/ftp file from:

############
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
############

to

############
auth required pam_listfile.so item=user sense=allow file=/etc/ftpusers onerr=succeed
############

but that did not work at all.

So basically I would like to just create a script that does the file comparison that I described earlier, or find another way to manage who has access to ftp and who doesn't.

I'm not a total linux newbie, but I will admit that I haven't worked with it that long and I'm not a programmer, so coding stuff (shell scripts for example) isn't really my thing.

I suppose this could also be done using more/less & grep with the -v option, but awk/gawk/sed looked like a better solution.

Thanks in advance for the help - by the way, this is my first post on LinuxQuestions.org!!

***EDIT***
I found this other thread:
http://www.linuxquestions.org/questi...d.php?t=446640
which is basically what I want to do, but I would still like other input on the problem (managing who has ftp access to the system) if anyone has any ideas.

Thanks again!

berbae · 05-24-2006, 09:19 AM

Hello rascal84
Welcome here!
For the script part of your question I propose something like that :

Code:

SCRIPT=`sed '{s!^\([[:alnum:]]*\)$!\{ s/^\1$/#\1/ \}!}' allowedusers`
sed "$SCRIPT" ftpusers >deniedusers

the first sed generates a script for the second sed!
This results with a hash sign before the allowed users in the deniedusers file.
Regards.