Bash script

Justaguy123 · 12-20-2017, 09:09 AM

Hello

I need help with bash scripting
" script finds for each user(chosen users/groups) files which belong to them and other users have access to those files(optional specifically groups) and mail to user list of these files. "

I dont use bash normally and in work i'm actually doing 3 large projects so i dont have enough time for doing this. Can someone help me? I know its easy for you but i'm not familar with programming and those things

sorry for my english

TenTenths · 12-20-2017, 09:17 AM

So what have you done so far?

This is my prefered bash reference http://tldp.org/LDP/abs/html/index.html

Justaguy123 · 12-20-2017, 09:19 AM

I didn't even started. It's very confusing when i read about it, i had only PHP and HTML basics ;(

TenTenths · 12-20-2017, 09:25 AM

Code:

man find
man grep
man awk

Then feel free to show what you've tried and to ask specific questions.

Hints grep /etc/passwd to find / verify a user exists, use awk to get the user id and then read about the find command.

TB0ne · 12-20-2017, 09:45 AM

Quote:

Originally Posted by Justaguy123

I didn't even started. It's very confusing when i read about it, i had only PHP and HTML basics ;(

Then if you already know about PHP and HTML coding, this shouldn't be difficult to learn. But you need to read the "Question Guidelines" link in my posting signature. We are always happy to help you, but we WILL NOT write your scripts for you. You have to some at least SOME effort of your own. Post what you have written/done/tried and tell us where you're stuck.

Otherwise, lots of bash scripting tutorials/examples you can easily find with an internet search...much like how you found this site. And we will never do your homework for you either.

rtmistler · 12-20-2017, 10:38 AM

Quote:

Originally Posted by Justaguy123

Hello

I need help with bash scripting
" script finds for each user(chosen users/groups) files which belong to them and other users have access to those files(optional specifically groups) and mail to user list of these files. "

I dont use bash normally and in work i'm actually doing 3 large projects so i dont have enough time for doing this. Can someone help me? I know its easy for you but i'm not familar with programming and those things

sorry for my english

Quote:

Originally Posted by Justaguy123

I didn't even started. It's very confusing when i read about it, i had only PHP and HTML basics ;(

OK well this seems to be part of your work and to me you should devote some time to learn how to use bash.

The intentions of LQ are that we are not paid support, we are all volunteers and we are here to help you, but also help you to learn about Linux, not to do your effort for you. Continued behavior where you ask people to just complete your work for you may result in you not being able to participate on the LQ site.

A few members have offered some means to get going, and here is another one from my blog, Bash Scripting for Dummies and Geniuses

Also my favorite (self) quote:

Quote:

"Whatever you can type on a command line, you can write in a script."

Justaguy123 · 12-21-2017, 04:38 AM

#!/bin/bash

users=($(awk -F'[/:]' '{if ($3 >= 1000 && $3 != 65534) print $1}' /etc/passwd))
touch tmp
for user in $users
do
echo "###############################################">> tmp
echo "@@@@@@@@@@@@@@@@@@@@ $user @@@@@@@@@@@@@@@@@@@@">> tmp
echo "###############################################">> tmp
echo " ">> tmp
find / -type f -user $user -perm /333 >> tmp
echo " ">> tmp
done

this is what i made and i stucked

rtmistler · 12-21-2017, 06:58 AM

Quote:

Originally Posted by Justaguy123

#!/bin/bash

users=($(awk -F'[/:]' '{if ($3 >= 1000 && $3 != 65534) print $1}' /etc/passwd))
touch tmp
for user in $users
do
echo "###############################################">> tmp
echo "@@@@@@@@@@@@@@@@@@@@ $user @@@@@@@@@@@@@@@@@@@@">> tmp
echo "###############################################">> tmp
echo " ">> tmp
find / -type f -user $user -perm /333 >> tmp
echo " ">> tmp
done

this is what i made and i stucked

That script works. What exactly do you mean by it got stuck? Are you saying it never returns back to the prompt?

A couple of points:

Add "set -xv" as the second line of your script. This will enable verbose debug and show you what is happening.
If you are a regular user running this script, the find command is using the '/' directory and there will be a lot of files and directories where the command will not work, due to your permissions. There are options to use sudo and set up sudoers so that you would not have to use a password.
In the future, when posting code, please place it within [code][/code] tags to properly maintain the spacing and formatting.
Once again, this posted script, does work correctly. It however does not do exactly what you described. This script only finds the files owned by the current user, which have a specific permission.

Justaguy123 · 12-21-2017, 07:07 AM

Thanks you!

Actually my problem is that running this script with no parameters is supposed to do list of files for every "human-made" accounts so there is any way to use this script in loop to run it for every account in OS and find how to find out that someone have access to file of these accounts? I must in first step find all files which i posses and then check permissions? My goal is in the first post

rtmistler · 12-21-2017, 07:21 AM

Enter the loop with the entire list of users from /etc/passwd, do not filter it down prior to entering the loop.
When inside the loop, perform your if test to determine if the id is greater than or equal to 1000.
If yes, then perform the find. Otherwise, no action.

I believe what your script is doing is that it takes /etc/passwd once, checks it once, finds the first occurrence of a user matching your if-test qualifications of >= 1000 && !65534, and that's it. It only ever finds the first occurrence.

When you enter your for loop, you have one entry in your list.

Instead make the list $users be the entirety of /etc/passwd.
Enter the loop.
And then perform your if-test and use that outcome to run or not run the find command.

ondoho · 12-22-2017, 12:13 AM

on my system it finds 2 users.

the script seems to be doing what it is supposed to do: find all files that belong to a certain user and spit them out.
the permission thingy is new to me; i hope it finds what it is supposed to find.
of course there is no mailing yet.

a few points:

if not performed with su privileges, it will spit out a lot of permissiondenied errors, hence i added "2>/dev/null"
"tmp" is not a good filename, because it might well ne in use already. use something more descriptive.
users doesn't have to be an array afaics, but should be enclosed in doublequotes.

here's what i used for testing:

Code:

#!/bin/bash


users="$(awk -F'[/:]' '{if ($3 >= 1000 && $3 != 65534) print $1}' /etc/passwd)"

echo $users 

for user in $users
do
	echo "$user:" && find / -type f -user $user -perm /333 2>/dev/null
done

MadeInGermany · 12-22-2017, 03:50 AM

Scanning / is expensive.
I would do this once and save the output in a file.
A -ls keeps the user information along with the file names.
Then loop over the users and grep them in the file.

Example script:

Code:

#!/bin/bash
# set the PATH (do not inherit from environment)
export PATH=/bin:/usr/bin:/sbin:/usr/sbin
# variables, allows an easy change here
startdir=/
badfiles=badfiles

# create badfiles only if +24 hours old
if [ ! -s $badfiles ] || find $badfiles -prune -mtime +0 | grep .
then
  echo "scanning / and creating $badfiles"
  find $startdir -type d -name .snapshot -prune -o -type f -perm /033 -ls > $badfiles
fi

# criteria for valid users: UID range and /home/ directory
users=$(getent passwd | awk -F':' '{if ($3 >= 1000 && $3 != 65534 && $6 ~ /^\/home\//) print $1}')

# look up each user in badfiles
for user in $users
do
  awk -v user="$user" '$5==user { if (!title) { print "Bad files for", user, ":"; title=1 } print }' $badfiles
done

Justaguy123 · 12-22-2017, 08:37 AM

Now it looks like this :

Code:

#!/bin/bash
argc=$#
host=$(hostname) 
if test  $argc -lt 0 ; #SPRAWDZAM CZY JEST JAKIS PARAMETR / PARAMETERS QUANTITY CHECK
then

	if test $1 -eq -u ; #SPRAWDZANIE CZY PODAJEMY USERA  / USER CHECK
 		then
		if test $3 lt 0; # SPRAWDZANIE CZY USEROW JEST WIECEJ NIZ 1 / CHECKING WHETHER THERE IS MORE THAN 1 USER
			then
			#OPERACJE DLA WIELU USEROW / OPERATIONS FOR MULTIPLE USERS
		else
			#OPERACJE DLA JEDNEGO USERA / OPERATIONS FOR SINGLE USERS
		fi
	else
	if test $1 -eq -g ; #SPRAWDZANIE CZY PODAJEMY GRUPY / GROUP CHECK 
		then
		if test $3 lt 0; # SPRAWDZANIE CZY GRUP JEST WIECEJ NIZ 1 / CHECKING WHETHER THERE IS MORE THAN 1 USER
		then
			#OPERACJE DLA WIELU GRUP / OPERATIONS FOR MULTIPLE GROUPS
		else
			#OPERACJE DLA JEDNEJ GRUPY / OPERATIONS FOR SINGLE GROUP
		fi
	else
	echo "WRONG FIRST PARAMETER"
	exit
	fi
	
fi



#OPERACJE DLA BEZ PARAMETRÓW
if test  $argc -eq 0 ;
	 then
	users="$(awk -F'[/:]' '{if ($3 >= 1000 && $3 != 65534) print $1}' /etc/passwd)"

	echo $users 

	for user in $users
		do
		FWOA_tmp.txt >> "######################$user#####################" && find / -type f -user $user -perm /333 2>/dev/null
	done
fi

echo "THIS IS FILE ACCESS RAPORT FROM $(date)" | mailx -s 'FILE ACCESS $(host)' -a FWOA_tmp.txt mail@domain.com
rm FWOA_tmp.txt

I made this divisions becouse i think that i won't be able to use the same instructions for single and multiple objects(users or groups). I'm right? I didn't take into account that user want to specify users which he want to check if they have access to his files.
format of command will be someting like sh script.sh (-u or -g) (multiply or single user or groups) -c(check) (users which he want to check if they have access to his files.) (mail address) it is ok?