UNIX Hints & Hacks
Chapter 5: Account Management

There are times when a file might need to be propagated to every user's home directory.
Flavors: AT&T, BSD
Shells: sh
This method of propagating files to all users' home directories is a two-step process. The first step is to copy the password file to a secure area and strip out all system-related accounts. This includes bin, ftp, root, sync, nobody, and so on--any account that is not a physical user. Then you run the propagation script against it.
# cp /etc/passwd /usr/private/admin/passwd
Copy the password file to a secure (700) area owned by root.
# vi /usr/private/admin/passwd
root:NqM5kgsU0o./6:0:0:root:/root:/bin/tcsh
bin:*:1:1:bin:/bin:
daemon:*:2:2:daemon:/sbin:
adm:*:3:4:adm:/var/adm:
lp:*:4:7:lp:/var/spool/lpd:
sync:*:5:0:sync:/sbin:/bin/sync
shutdown:*:6:0:shutdown:/sbin:/sbin/shutdown
postmaster:*:14:12:postmaster:/var/spool/mail:/bin/bash
nobody:*:65534:100:nobody:/dev/null:
ftp:*:404:1::/home/ftp:/bin/bash
guest:*:405:100:guest:/dev/null:/dev/null
Strip out all the system-related accounts that are not physical users.
# vi cphome
#! /bin/sh
cat /usr/private/admin/passwd | while read line
do
    USER=`echo "$line" | awk -F":" '{print $1}'`
    DIR=`echo "$line" | awk -F":" '{print $6}'`
    cp "$1" "$DIR"
    chown "$USER" "$DIR/$1"
    chmod 750 "$DIR/$1"
done
Line 1: Define the shell.
Line 2: Begin processing through stripped password file.
Line 5: Get each home directory.
Line 6: Copy the files to each home directory.
Line 7: Change the ownership to the user.
Line 8: Change the permissions for the user.
The stripped password file gets processed line by line, collecting the username and the home directory. Then, as it processes each line, the script copies the files to the user's home directory, chowns ownership to the user, and grants the permission 750 to the files.
This script can be easily modified to support the changing of UIDs or even the GIDs if needed. You can use it as a building block for modifying and manipulating users' accounts. See if you can think of other possibilities for which the script could be used.
Some applications and files live in the home directories of the users. These files can be anything from configuration files to the application startup script. When new versions are loaded, these files often need updating.
It is easy to modify one of these scripts so that it can do some real damage, really quickly. A script similar to this one was once created to remove a single file out of all the home directories on a system. When the administrator executed the script, he wondered why it was taking over 30 seconds to remove the files from 30 users' home directories. He broke out of the script only to find that all the files in the top level of each of the home directories were getting wiped out. Did he test the script before running it? No. Did he have a typo? Yes. He then had to spend the next day, a Saturday, restoring the files. The good news is that only one of the 30 users was logged in at the time.
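A variant of cphome that guards against the kind of accident described above, as an added example that is not from the book: it only prints the commands it would run unless called with `apply`, and it skips entries whose home directory is empty, relative, `/`, missing, or whose target already exists as a symbolic link. The function name `propagate`, the `apply` argument and the sandbox data are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the book): cphome with a dry run as the default mode.
# usage: propagate STRIPPED_PASSWD SOURCE_FILE [apply]
propagate() {
    pw=$1; src=$2; mode=${3:-dry-run}; problems=0
    [ -f "$pw" ] && [ -f "$src" ] || { echo "usage: propagate PASSWD FILE [apply]" >&2; return 2; }
    name=$(basename "$src")
    # Redirect instead of "cat |" so the loop runs in this shell and the counter survives.
    while IFS=: read -r user _pass _uid _gid _gecos dir _shell; do
        dest=$dir/$name
        # Refuse empty fields, relative paths, "/" itself, missing directories,
        # and a destination that already exists as a symbolic link.
        case $dir in /?*) ok=yes ;; *) ok=no ;; esac
        if [ -z "$user" ] || [ "$ok" = no ] || [ ! -d "$dir" ] || [ -L "$dest" ]; then
            echo "SKIP ${user:-<empty>}: unusable home or target '$dest'" >&2
            problems=$((problems + 1)); continue
        fi
        if [ "$mode" = apply ]; then
            cp "$src" "$dest" && chown "$user" "$dest" && chmod 750 "$dest" ||
                { echo "FAIL $user: $dest" >&2; problems=$((problems + 1)); }
        else
            echo "would: cp $src $dest; chown $user $dest; chmod 750 $dest"
        fi
    done < "$pw"
    [ "$problems" -eq 0 ]   # non-zero exit status if anything was skipped or failed
}

# Constructed demo: a throwaway sandbox stands in for the home directories
# and for the stripped copy of the password file.
sandbox=$(mktemp -d)
trap 'rm -rf "$sandbox"' EXIT
mkdir "$sandbox/alice" "$sandbox/bob"
{
    echo "alice:*:1001:100:Alice:$sandbox/alice:/bin/sh"
    echo "bob:*:1002:100:Bob:$sandbox/bob:/bin/sh"
    echo "guest:*:405:100:guest:/dev/null:/dev/null"   # system account left in by mistake
} > "$sandbox/passwd"
echo "set -o vi" > "$sandbox/.profile.new"
propagate "$sandbox/passwd" "$sandbox/.profile.new" ||
    echo "review the SKIP lines before re-running with 'apply'"
```

Read the dry-run output and resolve every SKIP line before passing `apply`; the symbolic-link test is a point-in-time check, so run the apply step when users cannot change their home directories underneath it.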
© Copyright Macmillan USA. All rights reserved.