Creating Effective Shell Scripts

In this section, we’ll consider several different routine system administration tasks as examples of creating and using administrative shell scripts. The discussions are meant to consider not only these tasks in themselves but also the process of writing scripts. Most of the shell script examples use the Bourne shell, but you can use any shell you choose; it’s merely a Unixprejudice that “real shell programmers use the Bourne/Korn/zsh shell,” however prevalent that attitude/article of faith may be.[1]

Password File Security

We discussed the various security issues surrounding the password file in Section 7.8 and Section 6.1. The various commands used to check it and its contents could be combined easily in a shell script. Here is one version (named ckpwd):

#!/bin/sh # ckpwd - check password file (run as root) # # requires a saved password file to compare against: # /usr/local/admin/old/opg # umask 077 PATH="/bin:/usr/bin"; export PATH cd /usr/local/admin/old # stored passwd file location echo ">>> Password file check for `date`"; echo "" echo "*** Accounts without passwords:" grep '^[^:]*::' /etc/passwd if [ $? -eq 1 ] # grep found no matches then echo "None found." fi echo "" # Look for extra system accounts echo "*** Non-root UID=0 or GID=0 accounts:" grep ':00*:' /etc/passwd | \ awk -F: 'BEGIN {n=0} $1!="root" {print $0 ; n=1} END {if (n==0) print "None found."}' echo "" sort </etc/passwd >tmp1 sort <opg >tmp2 # opg is the previously saved copy ...

Get Essential System Administration, 3rd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.