Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 422
  • Last Modified:

Running a report from .profile against 600 in bindview

Hello, I have been given a task to run a report in bindview .  The report should list all user profiles which are updatable by other users. ie: all files called .profile where the file mode is something other than 600.  How would I do this? - or what AIX command could I run (just to create a manual report in AIX)?
  • 2
1 Solution
Don't know about bindview, but the Unix command would be:
find / -name .profile -perm -og+rw -ls
Actually the "-" in front of the og+rw will not work because it means that the file has at least those permissions.  If you leave the dash out, then it means exactly matches the permissions specified.  Since we know the permissions need to be 600 and we want to find those whose permissions don't match, we also need to negate the primary with "!".  The UNIX command should be:

find HOMEROOT -name .profile -a ! -perm 600 -exec ls {} \;

where HOMEROOT is where all users home directories reside.  For example if all home directories are on the /u filesystem:

find /u -name .profile -a ! -perm 600 -exec ls {} \;

Try it out and let me know.
# Find .profile writeable by group OR others
find / -name .profile  \( -perm -g+w -o -perm -o+w \)  -ls  

# Find .profile where permissions are not 600
find / -name .profile ! -perm 600  -ls

# So what's wrong with permissions 700? Or 755? Your call ;-)
You are going to want to stick to specifying the permissions in octal since you know exactly what you want (600).  The above solution using symbolic permissions does not take read or execute permission into consideration.  It can be done with symbolic, but it will produce quite a long command.

My other issue is why are the solutions checking from root directory?  Do you really need to check the entire system (including mounted filesystems)?  This could take quite a long time.  User profiles are in their HOME directories.  If you have organized them into a common parent, then specify it as the path to find.  If you have more than one location for user's HOME directories, you can specify more than one path to search for find to look in.

Your call.

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now