
script will not run on a non trusted system, could you help

 
Charles Keyser
Frequent Advisor

script will not run on a non trusted system, could you help

I have a script that will not run on one server; the script sends a message

awk: Cannot find or open file /tcb/files/auth/n/nobody.
The source line number is 1.
System is not trusted.
System is not trusted.
./userpwd[48]: test: argument expected

I am racking my brain at this point to modify it. Could someone help me if I posted the script?
Thanks
-Charlie
Denver Osborn
Honored Contributor
Solution

Re: script will not run on a non trusted system, could you help

> awk: Cannot find or open file /tcb/files/auth/n/nobody.

You'll find /tcb on a trusted system. What does your script do? It must have been written specific to a trusted system.

-denver
James R. Ferguson
Acclaimed Contributor

Re: script will not run on a non trusted system, could you help

Hi Charlie:

Well, if your server isn't running in "trusted" mode then there won't be any '/tcb/files' directory!

In fact, you said that your "script will not run on a non trusted system".

Modify the script to test for the presence of the directory:

...
[ -d /tcb/files ] || { echo "Not Trusted"; exit; }
...

Regards!

...JRF...
Charles Keyser
Frequent Advisor

Re: script will not run on a non trusted system, could you help

Here is the script, I added the one comment -d /tcb/files

and I received an error. Take a look, no hurry and Thanks

-Charlie

#! /usr/bin/ksh
# This script will print the number of days since a password
# was last changed on a trusted HP-UX system.

# Print the header
print "\nUsername Description\t Passwd Exp Reason Locked \tSPWCHG"
echo "-------- -----------\t ---------- --------------\t------------"

# This variable is the actual time
CURRTIME=$(perl -e 'print time')

# Reason for accounts being locked
REASON[1]="past password lifetime"
REASON[2]="past last login time"
REASON[3]="past account lifetime"
REASON[4]="Too many failed logins"
REASON[5]="null password"
REASON[6]="admin lock"
REASON[7]="password is a *"

# For all users, get the username, gecos, homedir, and shell
awk -F: '{print $1 ":" $5 ":" $6 ":" $7}' /etc/passwd | while IFS=: read USER LDESC HOMEDIR LSHEL ; do

    # First letter of username
    letter=$(echo $USER|cut -c1)

    # Check the Description for the account
    DESC=$(echo $LDESC | cut -c1-18)
    [[ -z $DESC ]] && DESC="NO DESCRIPTION"

    # Check the shell for the account
    #SHEL=${LSHEL##*/} ; [[ -z $SHEL ]] && SHEL="NO SHELL"

    # Get the number of days until the password expires
    LastChanged=$(awk -F "u_succhg#" ' {print $2}' /tcb/files/auth/$letter/$USER|awk -F: '/^[0-9]/{print $1}')
    if [[ -z $LastChanged || $LastChanged -eq "0" ]] ; then
        DaysTilExpire="PW NOT SET"
    else
        # Get the days til password expiration
        let "DaysTilExpire=90 - (( $CURRTIME - $LastChanged ) / 86400) "
    fi

    # Get the date of the last successful password change
    SPWCHG=$(/usr/lbin/getprpw -r -m spwchg $USER)

    # Reason the account is locked or not
    LOCKOUT=`/usr/lbin/getprpw -r -m lockout $USER`
    if [ $LOCKOUT != "0000000" ] ; then
        for BIT in 1 2 3 4 5 6 7 ; do
            REASONBIT=$(echo $LOCKOUT | cut -c $BIT)
            if [ $REASONBIT != 0 ] ; then
                if [ $REASONBIT = 1 ] ; then
                    UREASON="${REASON[$BIT]}"
                fi
            fi
        done

    else
        UREASON="Active User"
    fi

    printf "%-14s %-21s %-10s %5s\t %-15s %-25s\n" ${USER} "${DESC}" "${SHEL}" "${DaysTilExpire}" "${UREASON}" "${SPWCHG}"

done | sort
James R. Ferguson
Acclaimed Contributor

Re: script will not run on a non trusted system, could you help

Hi Charlie:

Your problem is that the 'getprpw' function is only available on a trusted server.

I have attached a quick hack to your script that will simply look for an "*" in the '/etc/passwd' field to denote an inactive account. You can use it.

Regards!

...JRF...

James R. Ferguson
Acclaimed Contributor

Re: script will not run on a non trusted system, could you help

Hi (again) Charlie:

You might want to consider further modifications to your script to handle not only the "standard" (classic) model; trusted systems; and the 'shadow' password implementation which supplants trusted:

http://docs.hp.com/en/B2355-60130/shadow.4.html

...happy scripting :-)

Regards!

...JRF...
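
The three models mentioned in the replies above can be told apart before deciding where to read lock state. The following is an added example, not the script attached in the thread: the function names, the root-prefix argument and the sample trees are hypothetical, and applying the "*" convention to /etc/shadow is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. The optional first argument is a
# hypothetical root prefix so the checks can run against a constructed tree.

# Print the password database in use: trusted, shadow or classic.
auth_mode() {
    if [ -d "${1:-}/tcb/files/auth" ]; then
        echo trusted
    elif [ -f "${1:-}/etc/shadow" ]; then
        echo shadow
    else
        echo classic
    fi
}

# Print accounts whose password field starts with "*", reading the file
# that holds the field in the detected mode. Returns 2 in trusted mode.
locked_users() {
    case $(auth_mode "${1:-}") in
        trusted)
            # /etc/passwd holds "*" for every user on a trusted system, so
            # the "*" test is meaningless there; getprpw is the source.
            echo "trusted mode: use /usr/lbin/getprpw -r -m lockout" >&2
            return 2 ;;
        shadow)  src=${1:-}/etc/shadow ;;   # assumption: same "*" convention
        classic) src=${1:-}/etc/passwd ;;
    esac
    awk -F: 'substr($2, 1, 1) == "*" { print $1 }' "$src" | sort
}

# Build constructed sample trees (made-up users and hashes) under $1.
make_sample() {
    mkdir -p "$1/classic/etc" "$1/shadow/etc" "$1/trusted/tcb/files/auth"
    printf '%s\n' 'root:Ab3kq9ZxY1w2E:0:3::/:/sbin/sh' 'nobody:*:-2:-2::/:' \
        'charlie:Qz81mN0pLk3dU:101:20::/home/charlie:/usr/bin/ksh' \
        > "$1/classic/etc/passwd"
    printf '%s\n' 'root:x:0:3::/:/sbin/sh' 'dbadmin:x:102:20::/home/dbadmin:/usr/bin/ksh' \
        > "$1/shadow/etc/passwd"
    printf '%s\n' 'root:Ab3kq9ZxY1w2E:14000::::::' 'dbadmin:*:14000::::::' \
        > "$1/shadow/etc/shadow"
}

demo=${TMPDIR:-/tmp}/authmode.$$
mkdir "$demo" && make_sample "$demo"
for tree in classic shadow trusted; do
    echo "$tree: mode=$(auth_mode "$demo/$tree") locked=$(locked_users "$demo/$tree" 2>/dev/null)"
done
rm -rf "$demo"
```

Called with no argument, both functions inspect the live system rooted at "/".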
Russ Park
Frequent Advisor

Re: script will not run on a non trusted system, could you help

(to James)

Nice Script, James - I have poked at doing this very thing several times, and you solved a few tricky problems for me!

(to Charles)
As an admin of Trusted Systems (that's all I run), I would agree with the assessment/comments above - you only have the /tcb directory IF you're trusted. If you remove it, that directory IS DELETED. It therefore is a simple thing to test for.

-Russ
Russ Park
Frequent Advisor

Re: script will not run on a non trusted system, could you help

I SHOULD have said,

"if you UN-trust your system" instead of
"if you remove it"

-Russ