
Re: Trusted system: separate locked from active accounts

 
Brian A. Scurlock_1
Frequent Advisor

Trusted system: separate locked from active accounts

I pieced together the attached script to sort out locked vs active accounts. The problem is that if I just dump the lock codes into two files (one file for unlocked accounts, 1 file for everything else), the line counts add up to the number of lines in /etc/passwd. BUT if I grep the corresponding account data and sort it into locked vs unlocked, I get way too many lines. What's wrong with my script?

Thanks in advance.
-Brian

You can do anything you set your mind to when you have vision, determination, and an endless supply of expendable labor.
Steven E. Protter
Exalted Contributor

Re: Trusted system: separate locked from active accounts

Shalom,

Before writing your script, I would have looked to see if passwd -sa provided sufficient data.

The problem with the script appears to be either a typo or not fully understanding what data lies where in trusted systems.

Good Luck,

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
A. Clay Stephenson
Acclaimed Contributor
Solution

Re: Trusted system: separate locked from active accounts

I suspect that your fundamental problem is using grep in conjunction with awk.

grep $i /etc/passwd|awk -F: '{print "username: " $1,"uid: " $3,"Description: " $5,"HomeDir: " $6,"Shell: " $7}'>>active.txt


You should note that if ${i} is 'rob' that it will match user 'rob' but it will also match 'robert', 'roberto', 'robin', 'throb', ... AND it will match any string 'rob' anywhere in the file --- not just the first field.

On the other hand if your awk script tested if ($1 == "rob")
then only user 'rob' would be matched.

Grep is a very poor choice for this because you are using grep to do something that awk can do much better all by itself.
If it ain't broke, I can fix that.
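
The over-matching described in this answer, reproduced on a constructed passwd file as an added example (this is not the script attached to the thread, which is not shown on this page). The function names and sample accounts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. All account data below is constructed for illustration.

# Write a small passwd-format file to stdout (constructed sample).
make_sample_passwd() {
    cat <<'EOF'
root:*:0:3:Superuser:/:/sbin/sh
rob:*:101:20:Rob Smith:/home/rob:/usr/bin/sh
robert:*:102:20:Robert Jones:/home/robert:/usr/bin/sh
throb:*:103:20:T. Hrob:/home/throb:/usr/bin/ksh
alice:*:104:20:Alice (backup for rob):/home/alice:/usr/bin/sh
EOF
}

# Lines selected by the unanchored pattern used in the thread: grep USER FILE
count_grep_matches() {
    grep "$1" "$2" | awk 'END { print NR }'
}

# Lines whose first field is exactly USER (the $1 == "rob" test).
count_exact_matches() {
    awk -F: -v u="$1" '$1 == u { n++ } END { print n + 0 }' "$2"
}

# Print the thread's report line for every name listed in USERLIST
# (one name per line), reading PASSWD once and matching on field 1 only.
report_accounts() {
    awk -F: '
        FILENAME == ARGV[1] { want[$1] = 1; next }
        ($1 in want) {
            print "username: " $1, "uid: " $3, "Description: " $5,
                  "HomeDir: " $6, "Shell: " $7
        }' "$1" "$2"
}

demo() {
    p=$(mktemp) && u=$(mktemp) || return 1
    make_sample_passwd > "$p"
    printf 'rob\nalice\n' > "$u"
    echo "grep rob:   $(count_grep_matches rob "$p") lines"
    echo "\$1 == rob: $(count_exact_matches rob "$p") lines"
    report_accounts "$u" "$p"
    rm -f "$p" "$u"
}
demo
```

For an audit report, the exact-field version guarantees one output line per listed account, so the locked and active totals add up to the passwd line count.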
Brian A. Scurlock_1
Frequent Advisor

Re: Trusted system: separate locked from active accounts

passwd -sa might be helpful at getting at similar data, but when I run it and do a line count, the number does not appear to correspond to anything; it falls far short of the number of users in /etc/passwd. So my guess is passwd -sa is possibly reporting only accounts that are active, which is not quite sufficient for my needs. I think getprpw is the way to go and I appear to be getting the data I need, but I'm pretty sure the error is in the way I am using awk to grab pertinent account info.

Thanks

-Brian
You can do anything you set your mind to when you have vision, determination, and an endless supply of expendable labor.
Brian A. Scurlock_1
Frequent Advisor

Re: Trusted system: separate locked from active accounts

Initially I didn't think grep was causing a problem; since all my usernames are quite unique, I discounted the username matching any other random strings. I completely missed the fact that grep was not only grabbing usernames but also home directories that matched the username. D'oh!
Poor choice indeed.
Attached is the updated (working) version for anyone else who has an IT audit coming up.
Thanks for the help
-Brian
You can do anything you set your mind to when you have vision, determination, and an endless supply of expendable labor.