Script Help

 
SOLVED
Go to solution
Nobody's Hero
Valued Contributor

Script Help

I've been writing an auditing script and would like some input. This is a very large script and I am having an issue with this:

This part checks /etc/passwd, cuts the 4th field and looks for an ID of zero and a field 1 match other than root. It flags IDs other than root that have an ID of zero.

However, the /etc/passwd entry for an LDAP entry looks like:
+@emgb_admin:x:::::

I think the blank in field 4 is being treated as a zero.
Here is the piece I'm having trouble with.

for B in `cat /etc/passwd | cut -d':' -f1-4`; do
    if [ `echo "$B" | cut -d':' -f4` = 0 -a `echo "$B" |cut -d':' -f1` != "root" ]; then
        Answer=1
        ALREADY=1
        echo "$PDI: $B is not the only root account with a GID of 0." 1>>$PdiExamples
    fi
done

How can I say:
If there is a blank there, everything is fine?
Can I just exit if:
if [ `echo "$B" | cut -d':' -f4` = " " -a `echo "$B" |cut -d':' -f1` != "root" ]; then

exit 0

Or do I need to build in an else-if statement?
UNIX IS GOOD
Matti_Kurkela
Honored Contributor

Re: Script Help

The empty field can be expressed as "".
You should generally put double quotes around everything that can return empty values.

I prefer the $(command) construct instead of `command`.
I would write your snippet like this:

for B in $(cat /etc/passwd | cut -d':' -f1-4); do
    gid="$(echo "$B" | cut -d':' -f4)"        # field 4: primary GID (may be empty for +@ entries)
    username="$(echo "$B" | cut -d':' -f1)"   # field 1: account name
    # Quoting both sides keeps the test valid when $gid is empty.
    if [ "$gid" = "0" -a "$username" != "root" ]; then
        Answer=1
        ALREADY=1
        echo "$PDI: user $username has primary GID 0; only root should have that." 1>>$PdiExamples
    fi
done


(I re-phrased your message: I think it's easier to understand this way.)

Note that in HP-UX, not even root has a primary GID of 0 by default. Root's default primary gid is 3, which is the "sys" group.
Root is a member of group 0 too, but that is a secondary group membership, given through /etc/group instead of /etc/passwd.

To catch cases like this, you might want to use the output of "id -G". Like this, for example:

while read pwline; do
    user="$(echo "$pwline" | cut -d':' -f1)"
    # id -G prints all group IDs (primary and secondary) for the user
    for gid in $(id -G "$user"); do
        if [ "$gid" -eq 0 -a "$user" != "root" ]; then
            echo "$user is a member of GID 0"
        fi
    done
done < /etc/passwd

MK
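As an added example (not code from this thread), here is a POSIX sh audit function that reads passwd-format lines on stdin, treats an empty UID or GID field (such as the +@emgb_admin compat entry from the question) as "not zero", and can check either field 3 (UID 0) or field 4 (GID 0). The sample passwd data is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: report non-root accounts whose UID or primary GID is 0.
# Reads passwd-format lines on stdin; empty fields are skipped rather
# than being mistaken for 0, which is the problem in the original script.

# Constructed sample input, including NIS/LDAP "+" compat entries
# with empty UID/GID fields and an HP-UX-style root with primary GID 3.
SAMPLE_PASSWD='root:x:0:3::/:/sbin/sh
daemon:x:1:5::/:/sbin/sh
backup:x:105:0::/home/backup:/sbin/sh
+@emgb_admin:x:::::
toor:x:0:0::/:/sbin/sh
+::::::'

# audit_zero_field uid|gid
# Prints one account name per line for every non-root entry whose
# selected field is exactly "0". With IFS=: each colon delimits a
# field, so consecutive colons yield empty variables as intended.
audit_zero_field() {
    field="$1"
    while IFS=: read -r user _pw uid gid _rest; do
        case "$field" in
            uid) value="$uid" ;;
            gid) value="$gid" ;;
            *)   echo "usage: audit_zero_field uid|gid" >&2; return 2 ;;
        esac
        # Empty field (compat entry): nothing to flag.
        if [ -z "$value" ]; then
            continue
        fi
        if [ "$value" = "0" ] && [ "$user" != "root" ]; then
            printf '%s\n' "$user"
        fi
    done
}

# Demonstration against the constructed sample. On a live system the
# input would be: audit_zero_field gid < /etc/passwd
echo "Non-root accounts with primary GID 0:"
printf '%s\n' "$SAMPLE_PASSWD" | audit_zero_field gid
echo "Non-root accounts with UID 0:"
printf '%s\n' "$SAMPLE_PASSWD" | audit_zero_field uid
```

The UID 0 check is the more serious finding for an audit, since any such account is a second root regardless of group membership.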
Nobody's Hero
Valued Contributor

Re: Script Help

Thanks Matti,
I'm gonna try it and make the change.
Much appreciated, I was stuck on this. It's a long script that does many checks.
UNIX IS GOOD
Peter Nikitka
Honored Contributor

Re: Script Help

Hi,

I think, that should do it as well:

nawk -F: '$4 == "0" && $1 != "root" {printf("%s is member of %s\n",$1,$0)}' /etc/passwd

mfG Peter
The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"