LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 12-29-2005, 07:21 AM   #1
prozac
Member
 
Registered: Oct 2005
Location: Australia
Distribution: slackware 12.1
Posts: 753

Rep: Reputation: 32
Question does this user exists in the system?


Dear All,

in what file does smbldap stores the user passwords? can i grep into this file to find out any user info? (just like grep xxx /etc/passwd). I don't know for sure but i think the whole password file is encrypted.

i want to know whether a certain user has account in the system or not. like i have an account in my redhat machine as prozac. previously i could find out by using grep in /etc/passwd and checking the exit code of the grep command. the problem is that the system in which i want this script to run has smb-openldap for authenticating LAN users (central authentication).

is there any other way i can know whether a user has account in the system or
not?

i want this for the acl script i am writing. its not complete but it works for setting acl's in single regular file only.
Code:
#!/bin/sh

##filename	: aclset.sh
##author	: prozac
##date created	: 29 december 2005

# script to set acl's in files and directories

## Definitions
UNFIT="0"
FIT="1"
SUCCESS="0"
RX="rx"
RWX="rwx"

# give a menu first
while [ "$UNFIT" -ne "$FIT" ];
do

clear

COMMAND=""
FILENAME=""
USER=""
PERMISSION=""
DIRNAME=""

echo "---------------------------------------------------"
echo "             aclset control panel                  "
echo "---------------------------------------------------"
echo "1. add acl in file(s)"
echo "2. modify acl in file(s)"
echo "3. revoke acl in file(s)"
echo "4. add acl in directory"
echo "5. modify acl in directory"
echo "6. revoke acl in directory"
echo "---------------------------------------------------"

read -e -s -n1  -p "select[1-6/(q)uit]:" COMMAND

case $COMMAND in
1)
	while [ "$UNFIT" -ne "$FIT" ];
	do
	read -e -p "filename:" FILENAME
	if [ ! -z "$FILENAME" ]; then
		if [ -e $FILENAME ]; then
			if [ ! -d $FILENAME ]; then
				UNFIT=$FIT
			else
				echo "'$FILENAME' is a directory!"
			fi
		else
			echo "'$FILENAME' doesn't exists!"
		fi
	else
		echo "'$FILENAME' :Bad filename!"
	fi
	done
	UNFIT="0"
	while [ "$UNFIT" -ne "$FIT" ];
	do
	read -e -p "username:" USER
	if [ ! -z "$USER" ]; then
		grep $USER /etc/passwd ##Can't do this!
		if [ "$?" -eq "$SUCCESS" ]; then
			UNFIT=$FIT
		else
			echo "'$USER': not in /etc/passwd!"
		fi
	else
		echo "Bad username!"
	fi
	done
	UNFIT="0"
	while [ "$UNFIT" -ne "$FIT" ];
	do
	read -e -p "permission:" PERMISSION
	if [ ! -z $PERMISSION ]; then
		if [ "$PERMISSION" == "$RX" ] || [ "$PERMISSION" == "$RWX" ]; then
			UNFIT=$FIT
		else
			echo "USAGE:'permission can only be rx or rwx!"
		fi
	else
		echo "'$PERMISSION' :Bad Permission!"
	fi
	done
	setfacl -m u:$USER:$PERMISSION $FILENAME
	if [ "$?" -eq "$SUCCESS" ]; then
		echo "acl added for $FILENAME with $USER = $PERMISSION"
		getfacl $FILENAME
	else
		echo "failed to apply acl!"
	fi
	sleep 2
	UNFIT="0"
	;;
q) 
	UNFIT=$FIT
	;;
exit)
	UNFIT=$FIT
	;;
*)
	echo "Please select a correct value!"
	sleep 1
	;;
esac
clear
done

Last edited by prozac; 12-29-2005 at 07:23 AM.
 
Old 12-29-2005, 08:20 AM   #2
farslayer
Guru
 
Registered: Oct 2005
Location: Willoughby, Ohio
Distribution: linuxdebian
Posts: 7,232
Blog Entries: 5

Rep: Reputation: 189Reputation: 189
If you are storing your users in ldap you must do a query against the ldap database..

http://www.openldap.org/software/man...se&format=html
 
Old 12-29-2005, 08:21 AM   #3
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2374Reputation: 2374Reputation: 2374Reputation: 2374Reputation: 2374Reputation: 2374Reputation: 2374Reputation: 2374Reputation: 2374Reputation: 2374Reputation: 2374
Hi,

You could use the id command to check if a user has an account.

Usage:
id <user>

Output:
uid=501(<user>) gid=500(users) groups=500(users),203(news) (or alike)

Output for non excisting user:
id: blaat: No such user

man id for details.

You could send all output from the id command to /dev/null and check the exit code. An echo $? immediately after the command will show the exit code (0 [zero] is ok. Anything else: not ok)

Hope this helps.
 
Old 12-29-2005, 11:40 PM   #4
prozac
Member
 
Registered: Oct 2005
Location: Australia
Distribution: slackware 12.1
Posts: 753

Original Poster
Rep: Reputation: 32
for the immediate purpose the id command seems the best. thankyou drunna! i will also be checking the ldap man files. I will post the script once i complete it and make it bug free so that other's too can use it.
 
Old 01-03-2006, 01:53 AM   #5
prozac
Member
 
Registered: Oct 2005
Location: Australia
Distribution: slackware 12.1
Posts: 753

Original Poster
Rep: Reputation: 32
Smile aclset.sh

as promised here's the script anyway (hope somebody finds a use for it).

Last edited by prozac; 01-03-2006 at 02:36 AM.
 
Old 01-03-2006, 02:02 AM   #6
prozac
Member
 
Registered: Oct 2005
Location: Australia
Distribution: slackware 12.1
Posts: 753

Original Poster
Rep: Reputation: 32
Smile aclset.sh

prior to running this script please keep the following in mind:

0. your system must support acl, if it doesn't please google to find out how you can.

1. you will need to edit the aclset.sh file and make some changes as suggested there.

2. VALID_USERS must have rwx permissions to RESTRICTED_DIRECTORY

3. please make sure aclset.sh file only has rx permissions for everbody except root

4. setfacl command is better than this if you know how to use it

5. help file is not available

i only wrote this because i had to (in my situation). basically, this script facilitates users other than root to set acl's for some other users.

feedbacks(any kind) are welcome !

Code:
#!/bin/sh

##################################################################
## filename	: aclset.sh
## version	: 1.0
## author	: prozac
## date created	: 3 JANUARY 2006
## summary	: script to set acl's in directories
##################################################################

##################################################################
### Definitions
##################################################################
LOGFILE=".aclset.log" 			# logfile name

RESTRICTED_PATH=""			# enter the absolute path to the restricted directory
HOME_PATH=""				# absolute path to the directory where 'aclset.sh' resides 
VALID_USERS=""				# system users who can run this script

TAIL_LINES="10"

UNFIT="0"				 
FIT="1"					 
SUCCESS="0"				
FAILED="1"

READ="r"				 
READ_WRITE="rw"				 
READ_EXECUTE="rx"			 
READ_WRITE_EXECUTE="rwx" 		 

CURRENT_USER=$LOGNAME

###################################################################
### Functions
###################################################################

### set acl for which directory?
get_path()
{
	while [ "$UNFIT" -ne "$FIT" ];
	do
	read -e -p "directory:" FILENAME
	if [ ! -z "$FILENAME" ]; then
                if [ -e $FILENAME ]; then
                        if [ -d $FILENAME ]; then
				scope_check;
                        else
                                echo "'$FILENAME' is a not a directory!"
                        fi
                else
                        echo "directory '$FILENAME' doesn't exists!"
                fi
        else
                main;
        fi
	done
	UNFIT="0"
}

### set acl for which user?
get_user()
{
	while [ "$UNFIT" -ne "$FIT" ];
	do
        read -e -p "username:" USER
        if [ ! -z "$USER" ]; then
                id $USER > /dev/null;
                if [ "$?" -eq "$SUCCESS" ]; then
                        UNFIT=$FIT
                else
                        echo "'$USER': doesn't exists!"
                fi
        else
                get_path;
        fi
	done
	UNFIT="0"
}

### what kind of acl?
get_perm()
{
	while [ "$UNFIT" -ne "$FIT" ];
	do
        read -e -p "permission:" PERMISSION
        if [ ! -z $PERMISSION ]; then
                if [ "$PERMISSION" == "$READ" ] || [ "$PERMISSION" == "$READ_WRITE" ] || [ "$PERMISSION" == "$READ_EXECUTE" ] || [ "$PERMISSION" == "$READ_WRITE_EXECUTE" ]; then
                        UNFIT=$FIT
                else
                        echo "USAGE:'permission can only be r,rw,rx or rwx!"
                fi
        else
                get_user;
        fi
	done
	UNFIT="0"
}

### backup acl's before attempting to set new
get_acl()
{
	echo "------------------------------" >> $LOGFILE;
	echo "`getfacl $FILENAME`" >> $LOGFILE;
	echo "------------------------------" >> $LOGFILE;

}

### all information in hand, now set acl
set_acl()
{
	
	get_acl; # take backup first

        setfacl -R -m u:$USER:$PERMISSION $FILENAME
        if [ "$?" -eq "$SUCCESS" ]; then
                echo "acl added for $FILENAME with $USER = $PERMISSION";
                echo "MODIFY SUCCESS! <$USER:$PERMISSION:$FILENAME>" >> $LOGFILE;
        else
                echo "MODIFY FAILED! <$USER:$PERMISSION:$FILENAME>" >> $LOGFILE;
        fi

}

### revoke acl for given user
revoke_acl()
{
	get_path;
	get_user;
	
	get_acl; # take backup first

	setfacl -x u:$USER $FILENAME
	if [ "$?" -eq "$SUCCESS" ]; then
                echo "REVOKE SUCCESS! <$USER:$FILENAME>" >> $LOGFILE;
		echo "acl revoke successful!"
	else
		echo "REVOKE FAILED! <$USER:$FILENAME>" >> $LOGFILE;
		echo "acl revoke failed!"
	fi

}

### list acl for given directory
list_acl()
{

	get_path;
	echo "=================================================================================="
	echo "current acl for $FILENAME"
	echo "=================================================================================="
	getfacl $FILENAME
	echo "=================================================================================="

}

### restore previously applied acl's
restore_acl()
{

	get_path;

	get_acl; # take backup first

	setfacl -b $FILENAME
	if [ "$?" = "$SUCCESS" ]; then
                echo "RESTORE SUCCESS! <$FILENAME>" >> $LOGFILE;
		echo "all acl's restored successfully!"
	else
		echo "RESTORE FAILED! <$FILENAME>" >> $LOGFILE;
		echo "Error! couldn't restore acl's"
	fi

}


### display the help file
show_help()
{

	more help.txt

}

### show transaction log
show_log()
{

	if [ ! -e $LOGFILE ]; then
		echo "sorry! no log files found"
	else
		read -e -p "Display last ?? lines [default 10]:" TAIL_LINES;
		if [ "$TAIL_LINES" == "" ]; then
			TAIL_LINES=10;
		fi
	        echo "=================================================================================="
        	echo "displaying last $TAIL_LINES lines from $LOGFILE.."
	        echo "=================================================================================="
	        tail -$TAIL_LINES $LOGFILE;
        	echo "=================================================================================="
	fi
		

}

### list all files in $RESTRICTED_PATH
show_files()
{

	echo "=================================================================================="
        echo "listing all directories recursively in $RESTRICTED_PATH"
	echo "=================================================================================="
	ls -lhXR --color=auto $RESTRICTED_PATH |grep ./ | sed s/://
	echo "=================================================================================="

}

authenticate()
{

VALID=$FAILED;
for v in $VALID_USERS
do
if [ "$CURRENT_USER" == "$v" ]; then
	VALID=$SUCCESS;
	break;
fi
done	
if [ "$VALID" -eq "$SUCCESS" ]; then
	echo "`date`:Session opened by: $CURRENT_USER" >> $LOGFILE;
else
	echo "$CURRENT_USER, cannot run this program for you!"
	echo "`date`:Login attempt by: $CURRENT_USER" >> $LOGFILE;
	read -e -s -n1  -p "hit any key to continue.." COMMAND
	exit
fi

}

scope_check()
{
	cd $FILENAME
	ls -R $RESTRICTED_PATH |sed s/:// |grep `pwd` >> /dev/null
	if [ "$?" -eq "$SUCCESS" ]; then
		UNFIT=$FIT;	
	else
		echo "Out of scope error! Scope is: $RESTRICTED_PATH"
	fi
	cd $HOME_PATH
}

###################################################################
### Main
###################################################################
main()
{
authenticate;


while [ "$UNFIT" -ne "$FIT" ];
do
	clear;
	
	COMMAND=""
	FILENAME=""
	USER=""
 	PERMISSION=""
	i=0
	
	# give a menu first
	echo "---------------------------------------------------"
	echo "             aclset control panel                  "
	echo "---------------------------------------------------"
	echo "1. add/modify a user in acl                        "
	echo "2. revoke user rights from acl                     "
	echo "3. list acl for a directory                        "
	echo "4. restore defaults                                "
	echo "5. show all directories                            "
	echo "6. help                                            "
	echo "---------------------------------------------------"

	read -e -s -n1  -p "select[1-6/(q)uit]:" COMMAND

	case $COMMAND in
		1)
			get_path;
			get_user;
			get_perm;
			set_acl;
			read -e -s -n1  -p "hit any key to return.." COMMAND
			;;
		2)
			revoke_acl;
			read -e -s -n1  -p "hit any key to return.." COMMAND
			;;
		3)
			list_acl;
			read -e -s -n1  -p "hit any key to return.." COMMAND
			;;
		4)
			restore_acl;
			read -e -s -n1  -p "hit any key to return.." COMMAND
			;;
		5)
			show_files;
			read -e -s -n1  -p "hit any key to return.." COMMAND
			;;
		6)	
			show_help;
			;;
		s)	
			show_log;	
			read -e -s -n1 -p "hit any key to return.." COMMAND
			;;
		q) 
			UNFIT=$FIT
			;;
		exit)
			UNFIT=$FIT
			;;
		*)
			echo "Please select a correct value!"
			sleep 1
			;;
	esac
done
echo "`date`:Session closed by: $CURRENT_USER" >> $LOGFILE;
echo "===END===" >> $LOGFILE
exit;
}

main;
###################################################################
### End
###################################################################
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
where does 'su' look to determine if a user exists? MisterESauce Linux - Software 5 04-13-2005 10:18 AM
SIOCADDRT: File exists SIOCCADDRT: File Exists Failed to bring up eth0. opsraja Linux - Networking 0 01-10-2005 09:29 AM
Does anyone know of a bash script that will determine if RPM exists on a system? jimwelc Linux - Software 3 12-28-2004 04:01 PM
can't log in since no user account exists scarecrow Linux - Newbie 13 09-11-2004 03:02 PM
MySQL db exists, can't connect to it, do I need to add user to it? Hero Doug Linux - General 7 01-09-2004 04:54 PM


All times are GMT -5. The time now is 06:26 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration