Creating Effective Shell Scripts
In this section, we’ll consider several different routine system administration tasks as examples of creating and using administrative shell scripts. The discussions are meant to consider not only these tasks in themselves but also the process of writing scripts. Most of the shell script examples use the Bourne shell, but you can use any shell you choose; it’s merely a Unix prejudice that “real shell programmers use the Bourne/Korn/zsh shell,” however prevalent that attitude/article of faith may be.[1]
Password File Security
We discussed the various security issues surrounding the password file in Section 7.8 and Section 6.1. The various commands used to check it and its contents could be combined easily in a shell script. Here is one version (named ckpwd):
    #!/bin/sh
    # ckpwd - check password file (run as root)
    #
    # requires a saved password file to compare against:
    #     /usr/local/admin/old/opg
    #
    umask 077
    PATH="/bin:/usr/bin"; export PATH

    cd /usr/local/admin/old     # stored passwd file location
    echo ">>> Password file check for `date`"; echo ""

    echo "*** Accounts without passwords:"
    grep '^[^:]*::' /etc/passwd
    if [ $? -eq 1 ]             # grep found no matches
    then
       echo "None found."
    fi
    echo ""

    # Look for extra system accounts
    echo "*** Non-root UID=0 or GID=0 accounts:"
    grep ':00*:' /etc/passwd | \
    awk -F: 'BEGIN      {n=0}
             $1!="root" {print $0 ; n=1}
             END        {if (n==0) print "None found."}'
    echo ""

    sort </etc/passwd >tmp1
    sort <opg >tmp2             # opg is the previously saved copy
    ...
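The following is an added example, not code from the book: it restates the two checks above with field-aware awk tests (so only the UID and GID fields are examined) and shows one way to compare the current file against a saved copy, keyed on the login name. The function names (empty_pw, zero_ids, pw_changes) and all account entries are hypothetical, constructed sample data written to a temporary directory rather than read from /etc/passwd.

```shell
#!/bin/sh
# Added example, not the book's code. File names and accounts are constructed.
umask 077

# Accounts whose password field (field 2) is empty.
empty_pw() { awk -F: '$2 == "" {print $1}' "$1"; }

# Non-root accounts whose UID (field 3) or GID (field 4) is all zeros.
zero_ids() {
    awk -F: '$1 != "root" && ($3 ~ /^0+$/ || $4 ~ /^0+$/) {print $1}' "$1"
}

# Compare a saved copy ($1) with the current file ($2), keyed on login name.
# Prints "added NAME", "removed NAME" or "changed NAME", sorted.
pw_changes() {
    awk -F: '
        !cur          { old[$1] = $0; next }      # lines from the saved copy
        !($1 in old)  { print "added " $1; next }
        old[$1] != $0 { print "changed " $1 }
                      { seen[$1] = 1 }
        END           { for (u in old) if (!(u in seen)) print "removed " u }
    ' "$1" cur=1 "$2" | sort                      # cur=1 is set before file 2
}

# Constructed sample data: "opg" plays the saved copy, "passwd" the live file.
dir=$(mktemp -d) || exit 1
trap 'rm -rf "$dir"' EXIT
cat >"$dir/opg" <<'EOF'
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/false
alice:x:1001:100:Alice:/home/alice:/bin/sh
EOF
cat >"$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:x:1001:0:Alice:/home/alice:/bin/sh
guest::1002:100:Guest:/home/guest:/bin/sh
toor:x:00:100:extra:/root:/bin/sh
EOF

echo "*** Accounts without passwords:";       empty_pw "$dir/passwd"
echo "*** Non-root UID=0 or GID=0 accounts:"; zero_ids "$dir/passwd"
echo "*** Changes since the saved copy:";     pw_changes "$dir/opg" "$dir/passwd"
```

Keying the comparison on the login name reports an edited entry as a single "changed" line rather than as one removed line and one added line.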