The World of Computer Software

home *** CD-ROM | disk | FTP | other *** search

/ The World of Computer Software / World_Of_Computer_Software-02-385-Vol-1of3.iso / c / cops_104.zip / cops_104 / group.chk < prev next >

Wrap

Text File | 1992-03-10 | 6KB | 189 lines

: # # group.chk # # Check group file -- /etc/group -- for incorrect number of fields, # duplicate groups, non-alphanumeric group names, and non-numeric group # id's. # # Awk part based on _passwd_ from _The AWK Programming Language_, page 78 # # Mechanism: Group.check uses awk to ensure that each line of the group # has 4 fields, as well as examining each line for any duplicate groups or # any duplicate user id's in a given group by using "sort -u" to ferret # out any duplications. It also checks to make sure that the password # field (the second one) is a "*", meaning the group has no password (a # group password is usually not necessary because each member listed on # the line has all the privilages that the group has.) All results are # echoed to standard output. Finally it ensures that the group names # are alphanumeric, that the group id's are numeric, and that there are # no blank lines. For yellow pages groups, it does the same checking, # but in order to get a listing of all members of the groups, it does a # "ypcat group > ./$$" and uses that temporary file for a groupfile. # It removes the tmp file after using it, of course. # The /etc/group file has a very specific format, making the task # fairly simple. Normally it has lines with 4 fields, each field # separated by a colon (:). The first field is the group name, the second # field is the encrypted password (an asterix (*) means the group has no # password, otherwise the first two characters are the salt), the third # field is the group id number, and the fourth field is a list of user # ids in the group. If a line begins with a plus sign (+), it is a yellow # pages entry. See group(5) for more information. # # AWK=/bin/awk SED=/bin/sed ECHO=/bin/echo TEST=/bin/test SORT=/usr/bin/sort UNIQ=/usr/bin/uniq YPCAT=/usr/bin/ypcat RM=/bin/rm # Used for Sun C2 security group file. FALSE (default) will flag # valid C2 group syntax as an error, TRUE attempts to validate it. # Thanks to Pete Troxell for pointing this out. C2=FALSE etc_group=/etc/group yp_group=./$$ yp=false if $TEST -f $YPCAT then if $TEST -s $YPCAT then $YPCAT group > $yp_group if $TEST $? -eq 0 then yp=true fi fi fi # Testing $etc_group for potential problems.... # First line is for a yellow pages entry in the group file. # It really should check for correct yellow pages syntax.... $AWK 'BEGIN {FS = ":" } { if (substr($1,1,1) != "+") { \ if ($0 ~ /^[ ]*$/) { printf("Warning! Group file, line %d, is blank\n", NR) } else { if (NF != 4) { printf("Warning! Group file, line %d, does not have 4 fields: %s\n", NR, $0) } \ if ($1 !~ /[A-Za-z0-9]/) { printf("Warning! Group file, line %d, nonalphanumeric user id: %s\n", NR, $0) } \ if ($2 != "" && $2 != "*" && $2 != "!") { if ("'$C2'" != "TRUE") { if (length($2) == 13) printf("Warning! Group file, line %d, group has password: %s\n", NR, $0) } else { if ("#$"$1 != $2) printf("Warning! Group file, line %d, group has invalid field for C2:\n%s\n", NR, $0) } \ } \ if ($3 !~ /[0-9]/) { printf("Warning! Group file, line %d, nonnumeric group id: %s\n", NR, $0) } } } }' $etc_group # # Look for duplications in groups in $etc_group # result=`$AWK -F: '{print $1}' $etc_group | $SORT |$UNIQ -d` if $TEST "$result" then $ECHO "Warning! Duplicate Group(s) found in $etc_group:" $ECHO $result fi # # Next, check for duplicate users in a group in /etc/group. Let # awk do all the work (thanks, adri!) # # Ignore all groups with less than two members. # awk -F: 'split($4, users, ",") > 1 { ct = 0 for (i in users) { curuser = users[i] for (j in users) { if (j > i && curuser == users[j]) { if (ct++ == 0) print "Warning! Group "$1" has duplicate user(s):" print curuser } } } }' $etc_group # # Test yellow pages groups as well if $TEST "$yp" = "true" then $AWK 'BEGIN {FS = ":" } { if ($0 ~ /^[ ]*$/) { printf("Warning! YGroup file, line %d, is blank\n", NR) } else { if (NF != 4) { printf("Warning! YGroup file, line %d, does not have 4 fields: %s\n", NR, $0) } \ if ($1 !~ /[A-Za-z0-9]/) { printf("Warning! YGroup file, line %d, nonalphanumeric user id: %s\n", NR, $0) } \ if ($2 != "" && $2 != "*") { if (length($2) == 13) printf("Warning! YGroup file, line %d, group has password: %s\n", NR, $0) } \ if ($3 !~ /[0-9]/) { printf("Warning! YGroup file, line %d, nonnumeric group id: %s\n", NR, $0) } } }' $yp_group # # Look for duplications in groups in yellow pages groups # yresult=`$AWK -F: '{print $1}' $yp_group | $SORT |$UNIQ -d` if $TEST "$yresult" then $ECHO "Warning! Duplicate Group(s) found in yellow pages group:" $ECHO $result fi # # Next, check for duplicate users in a group in yellow groups. Let # awk do all the work (thanks, adri!) # ignore all groups with one member. # awk -F: 'split($4, users, ",") > 1 { ct = 0 for (i in users) { curuser = users[i] for (j in users) { if (j > i && curuser == users[j]) { if (ct++ == 0) print "Warning! YGroup "$1" has duplicate user(s):" print curuser } } } }' $yp_group fi $RM -f $yp_group # end