Understanding a Shell Script I Found

carlosinfl · 07-11-2007, 06:05 PM

I was looking through our email server and found this bash script and am not really sure I understand it's function and was wondering if someone on here can look at this and kind of explain this to me of what they think this would be used for...

Code:

#!/bin/bash

PASSWD_MD5=$(/usr/bin/md5sum /etc/passwd | awk '{print $1}')
POSTFIX_PASSWD_MD5=$(/usr/bin/md5sum /var/spool/postfix/etc/passwd | awk '{print $1}')

if [ "$1" == "-debug" ]; then
        DEBUG=1
else
        DEBUG=0
fi

if [ ! "$PASSWD_MD5" == "$POSTFIX_PASSWD_MD5" ]; then
        /bin/cp -f /etc/passwd /var/spool/postfix/etc/passwd
        if [ $DEBUG -eq 1 ]; then
                echo "Copied /etc/passwd file for Postfix."
                echo "/etc/passwd: $PASSWD_MD5"
                echo "Postfix:     $POSTFIX_PASSWD_MD5"
        fi
else
        if [ $DEBUG -eq 1 ]; then
                echo "No need to copy /etc/passwd file to Postfix (They are already the same)."
                echo "/etc/passwd: $PASSWD_MD5"
                echo "Postfix:     $POSTFIX_PASSWD_MD5"
        fi
fi

The name of the script is "postfix-copy-passwd.sh"

bigrigdriver · 07-11-2007, 06:18 PM

Rename the script, then send a test email to see if anything in Postfix breaks. That might tell you what it's intended to do.

On re-examination, the script generates an MD5 sum on /etc/passwd and /var/spool/postfix/etc/passwd. Then a test: if not equal, copy /etc/passwd to /var/spool/postfix/etc/passwd and report the copy, otherwise, report that the files are already the same.

From one point of view, it's a quick way to keep two files in sync so that as passwords change in /etc/passwd, the postfix file is updated. From a crackers point of view, it could be a quick way to hide attacks on password files.