Is there a process or script that will create a report on what users are in the system. Which groups they are members of....etc

ray

Users are stored in /etc/passwd which is a colon delimited file. (Typing "man 5 passwd" will give you documentation about this file.) The first field is the user name.

You can get the information you requested by running "id <user name>" for any give user e.g.
id root

To get it for all users you can run a for loop:
for user in $(awk -F: '{print $1}' /etc/passwd); do id $user; done

That says to use colon as field delimiter for awk command then print first field from /etc/passwd and for each first field found run the id command on it.

You can get more details on "id" command and "awk" by typing "man id" and "man awk" respectively.

1 members found this post helpful.

Thank you. Is there a way to audit rights on the file system either by user or group?

Simple "ls -ld" of a directory or "ls -l" of a file will show you permissions/owner/group. (ls -la will show hidden files.)

Examples:
ls -ld /
drwxr-xr-x 26 root root 4096 Apr 18 13:01 /

The d is directory. First 3 characters after that are permissions for owner. Next 3 are permissions for group and the last 3 are permissions for everyone else. rwx = full permissions to read/write/execute (or access when talking about directories). r-x = read and execute but don't allow write. After permissions is number of links then owner (root) then group (root).

ls -la /home/testlogin
total 60
drwx------ 3 testlogin testlogin 4096 Apr 18 13:54 .
drwxr-xr-x 9 root root 4096 Sep 28 2010 ..
-rw------- 1 testlogin testlogin 313 May 17 2011 .bash_history
-rw-r--r-- 1 testlogin testlogin 33 Jul 2 2010 .bash_logout
-rw-r--r-- 1 testlogin testlogin 176 Jul 2 2010 .bash_profile
-rw-r--r-- 1 testlogin testlogin 124 Jul 2 2010 .bashrc
-rw-r--r-- 1 testlogin testlogin 515 Jul 2 2010 .emacs
-rw------- 1 testlogin testlogin 35 May 17 2011 .lesshst
drwxr-xr-x 4 testlogin testlogin 4096 Jul 2 2010 .mozilla
-rw-r--r-- 1 testlogin testlogin 1104 Apr 18 13:54 mytestfile
-rw-r--r-- 1 testlogin testlogin 1738 Apr 18 13:54 mytestfile2
-rw------- 1 testlogin testlogin 563 May 17 2011 .viminfo
-rw------- 1 testlogin testlogin 64 May 17 2011 .Xauthority
-rw-r--r-- 1 testlogin testlogin 658 Jul 2 2010 .zshrc

Typing "man chmod" and "man chown" will give you more information on mode (permissions) and owner/group settings. Typing "man ls" will give you more information on the ls command.

I knew about the ls command, but was hoping for something that would create a list that showed:

group <xyz>

rwx /etc
r-x /root
rw- /bin
r-- <file1>
--- <file87>

I suppose I could write a script to analyze the info, but I didn't want to recreate the wheel if there was an easier way to do it.

tree -u -g

man tree

Unfortunately it doesn't look like CentOS has this command

yum provides "*/tree"

Would tell CentOS (or any yum based distro) to search its repositories for the file tree which would in turn show you which package includes that file.

On my CentOS 5 tree is already installed and is part the "tree" package so "yum install tree" ought to install it for you.

Adding a package may be a challenge as these systems have the least possible packages installed. I may be limited to writing a script that will collect the audit data. Thanks for your quick responses. I really appreciate it.

Hopefully you do have the find command installed. It has options to search by group and by user. The groups are in /etc/group.

You could run:
That would give you a list of files for each group. Similar script could do it for each user.

The find command generates a lot of context switches so the above process wouldn't be quick and on a sluggish system could cause problems. To avoid that you could work out doing an array and parsing it (which would likely work best in perl as it is more efficient in most cases than standard shell scripting).

1 members found this post helpful.