I wanted to make sure that all the files listed in /etc/shells were not more permissive than 755, but I kept running into a problem of trying to analyze the permissions on a file that is a link. After digging around, I found out about a command called

readlink

which prints the full path of the file that the link is point at. So I came up with some bash shell code to do the job:

Bash Script checking permissions

    for f in `cat /etc/shells`
    do
      #echo "checking $f"
      if [ -e $f ]; then
        if [ -L $f ]; then
          f=`readlink -f $f`
          results=`stat -c "%a" $f`
        else
          results=`stat -c "%a" $f`
        fi
        if [[ "$results" -le "755"  ]]; then
          echo "--- passed => $results - $f"
        else
          echo "-X- Failed => $results - $f"
        fi
      else
        echo "missing"
      fi
    done

Explanation of bash script checking permissions

For all the text lines returned from “cat /etc/shells”, process a loop while setting each line from the text file /etc/shells as a variable of “f”. The first if statement checks to see if the file exists. The second if statement checks if the file in “f” is a link and if so, reassign the variable “f” to the returned value from running “readlink -f $f” then process the file with stat to get the octal value of permissions. If the file is not a link, try to process the file with stat to get the octal value. The next if statement checks to see the file in $f is less than or equal to 755. If the octal value is less than or equal to 755, a line will be printed indicating the file has passed the test. If the octal value is more than 755, a line will be printed indicating the file has not passed the test. Here is a sample output from one of my servers:

--- passed => 755 - /bin/bash
--- passed => 755 - /bin/bash
--- passed => 755 - /sbin/nologin
--- passed => 755 - /bin/ash
--- passed => 755 - /bin/ash
--- passed => 755 - /bin/ksh
--- passed => 755 - /bin/ksh
--- passed => 755 - /bin/ksh
--- passed => 755 - /bin/tcsh
--- passed => 755 - /bin/tcsh
--- passed => 755 - /bin/zsh
comments powered by Disqus