Shell script to find enabled system accounts

logicalfuzz · 01-28-2010, 10:27 AM

I wrote a small script that gets me the list of enabled system accounts in my system.

I figure '*' & '!' (in field #2 of /etc/shadow) mean that the account is disabled or they cannot login, hence 'safe-to-ignore'

Code:

IFS=$'\n'
for i in `cat /etc/passwd` #get each line in the passwd file
        do
        var1=`echo $i | cut -d':' -f3` #get user ID field
        if [ $var1 -lt 500 ] && [ $var1 -gt 0 ] #compare to extract relevant IDs
        then
                grep `echo $i | cut -d':' -f1` /etc/shadow >> /tmp/shadow.out
        fi
        done

grep -v "*" /tmp/shadow.out | cut -d':' -f1
rm -f /tmp/shadow.out

The problem that glares out of the output us that user 'haldaemon' appears twice.
Secondly, i feel this script is a bit of a kludge.. Is there a more elegant way to writing this?

BTW i figure the following command gives me the list of system users, but i am not able to find a way to process it further... :-(

Code:

awk -F":" '$3 >= 1 && $3 < 500 { print $1 }' /etc/passwd

David the H. · 01-28-2010, 11:46 AM

Since that last awk line gives you a list of user names, all you need to do is cycle through the list and grab the shadow line for each one.

I recommend setting up a function for this, then you can run it through sort to put it all in order and remove any duplicates.

Also, unless you have some specific need (i.e. compatibility with shells that don't have it), $() is recommended over `` backticks.

Finally, I think the IFS setting is superfluous here, unless there's a chance that there are spaces or tabs in the lines. And the field separator setting in awk takes care of that anyway.

Code:

#!/bin/bash

function shadowlist() {

     for i in $( awk -F ":" '$3 >= 1 && $3 < 500 { print $1 }' /etc/passwd ) ; do 
               grep "$i" /etc/shadow
     done

}

shadowlist | sort -u     #sort the list output and remove duplicates.

exit 0

By the way, I have no idea why it's printing duplicate lines, but grep seems to think there are multiples for some reason. If you don't want to use "sort -u" to filter them, you can instead use the option "-m 1" in grep to tell it to only print the first match.

David the H. · 01-28-2010, 12:59 PM

Ah-ha, I figured out why it's duplicating lines. If you have both "daemon" and "haldaemon" as users, for example, then "grep 'daemon'" matches both users, giving you a duplicate of haldaemon in the output.

Some possible ways I can think of to effectively fix this are to use sort -u on the output, change the grep command to something like 'grep "^$i:"' (the "-m 1" option I gave before wouldn't work in some cases), or to replace grep with something else. You could awk again, for example:

Code:

for i in $( awk -F ":" '$3 >= 1 && $3 < 500 { print $1 }' /etc/passwd ) ; do 
     awk -F ":" -v "user=$i" '$1==user { print }' /etc/shadow
done

No doubt someone will come along and show us a better way, perhaps how to do the whole thing in awk or something.

logicalfuzz · 01-29-2010, 08:52 AM

Quote:

Originally Posted by David the H.

Code:

for i in $( awk -F ":" '$3 >= 1 && $3 < 500 { print $1 }' /etc/passwd ) ; do 
     awk -F ":" -v "user=$i" '$1==user { print }' /etc/shadow
done

Hey thanks David! i took a clue from this piece of code and it works for me :-)