
How to know if a given user has read and/or write permissions for a given path

I should start by saying I consider myself a proficient user. But today I had the need to automate this and was stumped.

Let's suppose I am root, and as such I'm able to traverse the whole filesystem but I can't run "sudo" nor "su".

I have a given user and a given path.

How can I check, over the CLI, whether the user will be able to read and/or write to the path?

I know this sounds easy, but keep in mind that:

  • We're not, nor can we become, the user.
  • We can't just rely on the final directory permissions, as permissions higher up the path may be blocking access to the final directory.
  • We can't rely just on the directory group permissions either, in this age of inherited groups.

I'm assuming this can't be done through any command, and I'd need to first gather all user groups, then traverse the whole hierarchy of the path, check read permissions all along the path and then read & write for the final directory. Sounds awfully expensive, though.

Eduo asked May 20 '12 18:05


2 Answers

Tag me a scripting guru!

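check_access() {
  checked_file=$1
  target_user=$2
  result=PASS

  # Build "( -group GID1 -o -group GID2 ... )" from all of the user's groups
  groups=$(id -G "$target_user" | sed -e 's| | -o -group |g' -e 's|^|( -group |' -e 's|$| )|')

  # Walk from the target up to (not including) /; stop at . for relative paths
  while [ "$checked_file" != / ] && [ "$checked_file" != . ]; do
    # find exits 0 even when nothing matches, so test its output instead.
    # -perm -MODE means "at least these bits"; a bare MODE is an exact match.
    # $groups is left unquoted on purpose so it splits into separate arguments.
    [ -n "$(find "$checked_file" -maxdepth 0 \
      -type f \( \
        \( -user "$target_user" -perm -0400 \) \
        -o \( $groups -perm -0040 \) \
        -o -perm -0004 \
      \) -o -type d \( \
        \( -user "$target_user" -perm -0100 \) \
        -o \( $groups -perm -0010 \) \
        -o -perm -0001 \
      \) 2>/dev/null)" ] || result=FAIL
    checked_file=$(dirname "$checked_file")
  done
  echo "$result"
}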
kworr answered Oct 05 '22 10:10
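
The walk the question describes (all of the user's groups, search permission on every ancestor, then read and write on the target), as an added example that is not part of either post. It assumes GNU coreutils (`stat -c`, `readlink -f`), the function names are hypothetical, and it evaluates mode bits only, consulting a single permission class per file the way the kernel does.

```shell
#!/bin/sh
# Added example. Assumes GNU coreutils (stat -c, readlink -f). Mode bits only:
# ACLs, capabilities, root's override and read-only mounts are not modelled.

# class_allows UID "GIDS" PATH BIT   (BIT: 4=read 2=write 1=search/execute)
# Exactly one class is consulted: owner if UID owns the file, else group if
# any GID matches, else other. A denied owner does not fall through to group.
class_allows() (
  set -f                                  # no globbing while word-splitting
  meta=$(stat -c '%u %g %a' -- "$3" 2>/dev/null) || exit 1
  uid=$1 gids=$2 bit=$4
  set -- $meta                            # $1=owner uid $2=owner gid $3=octal mode
  shift_by=0                              # default: "other" class
  if [ "$uid" = "$1" ]; then
    shift_by=6                            # owner class
  else
    for g in $gids; do [ "$g" = "$2" ] && shift_by=3; done   # group class
  fi
  [ $(( (0$3 >> $shift_by) & $bit )) -ne 0 ]
)

# check_ids UID "GIDS" PATH -> prints e.g. "read=yes write=no"
# For a directory target, read means listing and write means changing entries.
check_ids() (
  # Canonicalise so symlinked components are checked at their real location;
  # fall back to the given path if the caller itself cannot resolve it.
  target=$(readlink -f -- "$3" 2>/dev/null) || target=$3
  r=yes w=yes
  class_allows "$1" "$2" "$target" 4 || r=no
  class_allows "$1" "$2" "$target" 2 || w=no
  dir=$(dirname -- "$target")
  while :; do                             # every ancestor must grant search (x)
    class_allows "$1" "$2" "$dir" 1 || { r=no; w=no; }
    case $dir in /|.) break ;; esac
    dir=$(dirname -- "$dir")
  done
  echo "read=$r write=$w"
)

# check_user NAME PATH: resolve the account's uid and full group list first.
check_user() { check_ids "$(id -u "$1")" "$(id -G "$1")" "$2"; }
```

Because nothing here is run as the target account, it works from a root shell without `sudo` or `su`; a file with mode 0044 owned by the target user is correctly reported as unreadable for that user.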


The best way is to validate via the user himself:

# Single quotes keep a path with spaces intact inside the user's shell;
# POSIX [ ] is used because the user's login shell may not be bash.
if sudo su - "$user_to_check" -c "[ -r '$path_to_check' ]"
then echo "$user_to_check can read $path_to_check"
else echo "$user_to_check can not read $path_to_check"
fi
if sudo su - "$user_to_check" -c "[ -w '$path_to_check' ]"
then echo "$user_to_check can write $path_to_check"
else echo "$user_to_check can not write $path_to_check"
fi
mpapis answered Oct 05 '22 09:10