Solved

Script to identify user with server domain

Posted on 2014-04-29
Last Modified: 2014-05-06
How can I build a list of domains that have a specific user in the passwd file?

For example

for DOMAINS in $(cat domainlist)
do
  ssh root@$DOMAINS "cat /etc/passwd | grep the_user" >>domain_user
done

...I know that's not correct. But, what I'm wanting is the result to look something like this:

domain_user file should now contain:

www.foodomain.com the_user
www.thisdomain.com the_user
www.anotherdomain.com user_not_found
www.xyzdomain.com the user
...etc

So, the domains are listed in the domainlist file, and the script will build a local domain_user file that will indicate if the user was found on the domain or not.
Question by:Viclyn
21 Comments
 
LVL 61

Expert Comment

by:gheist
ID: 40031648
Try "getent passwd" in place of grep passwd; that should work with central authentication too.
 
LVL 29

Expert Comment

by:fibo
ID: 40031652
Beware that running such a script will presumably be treated as an intrusion attack, mainly because of the ssh root use.

Please tell us more about your precise context (e.g., if your machines are running as OpenVZ containers and you have root access to the host, you can get these through some local script).
 
LVL 40

Expert Comment

by:jlevie
ID: 40031970
Since I'd guess this will not be a one-time activity, I do the following:

Create a simple script named chk-user:
#!/bin/sh
#
# Simple script to see if a user exists. Outputs a short message if
# so, nothing otherwise. Usage: chk-user USERNAME
#
HOST=`hostname`
if [ -z "$1" ]; then
  echo "Invalid input"
  exit 1
fi
# getent resolves the name through NSS, so it also sees LDAP/NIS users;
# the entry itself is discarded, only the exit status matters.
getent passwd "$1" >/dev/null
if [ $? -eq 0 ]; then
  echo "$HOST $1"
fi
exit 0

Make it executable with "chmod +x chk-user" and copy that script to each server (here into /usr/local/bin so any login account can run it) with
 for f in $(cat domainlist); do scp chk-user root@$f:/usr/local/bin/; done

Then each time you wish to enumerate the servers with that user (the_user here) do
 for f in $(cat domainlist); do ssh $f "chk-user the_user" >>userlist; done

 

Author Comment

by:Viclyn
ID: 40032069
Well, the problem is, I'm not a scripter...I like to pretend to be though. (I'm learning).

So, if I use your suggestion, I'd need something like this:

If [ getent passwd the_user != 0]          // getent would be run on the server in ssh session
  echo "$DOMAINS the_user" >> domain_user
else
  echo "$DOMAINS user_not_found" >>domain_user

I would probably still like to not use getent, for reasons you listed, so
if [ ssh root@$DOMAINS "cat /etc/passwd | grep the_user" != 0 ]  

So, I just don't really know the syntax

Thanks
 

Author Comment

by:Viclyn
ID: 40032149
I don't want to keep a local script on each domain. There are 1000 domains, and I'm not the only one on them.
 
LVL 40

Expert Comment

by:jlevie
ID: 40032264
you could use grep in place of getent. If you use grep you have to look for username: so that you don't match usernames that just contain the test username string. Using getent is cleaner and there is no security advantage or disadvantage to it over grep. Neither has to be run as root though whoever is doing the scan has to have a login account on the server.

The script only has to be placed on each server one time. From then on it simply gets used.

Oh yeah, the script (and commands) I wrote have been tested and work.
 

Author Comment

by:Viclyn
ID: 40033126
I figured it out. Below is what I was looking for.

I'm accepting jlevie's solution too, as it's a good solution if one wishes to run the script locally from each server. Thanks

#!/bin/bash

for DOMAINS in $(cat domainlist)
do
        ssh root@$DOMAINS "cat /etc/passwd | grep -i the_user"
        if [ $? -ne 0 ]
          then
                echo "user_not_found $DOMAINS"  >> domain_users
          else
                echo "user_found $DOMAINS" >> domain_users
        fi
done
 

Author Comment

by:Viclyn
ID: 40033416
I've requested that this question be closed as follows:

Accepted answer: 0 points for Viclyn's comment #a40033126
Assisted answer: 500 points for jlevie's comment #a40031970

for the following reason:

Reason already provided
 
LVL 40

Accepted Solution

by:
jlevie earned 500 total points
ID: 40033329
That will work but there are three problems with the script as shown. One is that if the server is down the script will record user_not_found when in fact the user could have an account. Another is that you could record a false positive if the username is a substring of another user name (john also matches johnathan). The last is that if the server is not using flat files a grep of /etc/passwd will never return a user_found.

A better script would be:
#!/bin/sh
if [ -z $1 ]; then
  echo "Username not specified"
  exit
fi
for DOMAIN in $(cat domainlist); do
  ssh root@$DOMAIN "getent $1"
  if [ $? == 255 ]; then
    echo "$DOMAIN not checked" >> domain_users
  elif [ $? == 1 ]; then
    echo "user_not_found $DOMAIN"  >> domain_users
  else
    echo "user_not_found $DOMAIN"  >> domain_users
  fi
done

Execute the script as "script_name username"
 

Author Closing Comment

by:Viclyn
ID: 40033417
Yes, yours is definitely better. Thanks jlevie
 
LVL 29

Expert Comment

by:fibo
ID: 40033973
Just for the completeness of the record: I presume that line 11 of the above script should be user_found, correct?
B-)
 
LVL 40

Expert Comment

by:jlevie
ID: 40034380
Line 13 should be user_found. Any return status other than 0 indicates some sort of error.
 
LVL 29

Expert Comment

by:fibo
ID: 40036351
B-) so I would guess that line 11 checks code 0 for user_found, and that line 13 is left unchanged?
 
LVL 40

Expert Comment

by:jlevie
ID: 40036432
Line 8 checks for a failure of ssh. Line 10 checks to see if the remote command failed to find the username. Those are the only possible return codes. If neither of those the remote command must have found the user in the authentication database.
 

Author Comment

by:Viclyn
ID: 40037419
jlevie

There are a couple of problems with this script.

It doesn't appear to be connecting to the domains.  Yet, it executes line 11 (seems like it should be executing line 9 if it can't connect to a domain).

Also, line 7 should read:

ssh root@$DOMAIN "getent passwd $1"

correct?
 
LVL 40

Expert Comment

by:jlevie
ID: 40037593
My mistake. Yes, that should be "getent passwd $1". That is why it is executing line 11 (the getent command failed).
 

Author Comment

by:Viclyn
ID: 40037852
The script works - except line 9 still never executes.

I put a domain in the list that doesn't exists, and it still executes line 11.

...this is beyond the scope of the initial question, but I am curious.
 
LVL 40

Expert Comment

by:jlevie
ID: 40038014
Sorry about that. When I posted that script I was having to do everything from memory, didn't have access to the man page for getent, and could not test the script. As written it isn't going to work quite right, but what follows does and is more elegant.
#!/bin/sh
if [ -z "$1" ]; then
  echo "Username not specified"
  exit 1
fi
for DOMAIN in $(cat domainlist); do
  ssh root@$DOMAIN "getent passwd $1 >/dev/null" >/dev/null 2>&1
  case $? in
    0)
      echo "user_found $DOMAIN"  >> domain_users ;;
    2)
      echo "user_not_found $DOMAIN"  >> domain_users ;;
    255)
      echo "$DOMAIN not checked" >> domain_users ;;
    *)
      # any other status (e.g. 127 if getent is missing) is an error, not "not found"
      echo "$DOMAIN error" >> domain_users ;;
  esac
done

 

Author Comment

by:Viclyn
ID: 40042132
jlevie - I definitely appreciate your input and expertise.

Line 13, I believe - needs to be changed to 254 instead of 255.

Then it works perfectly. Thanks again.
 
LVL 40

Expert Comment

by:jlevie
ID: 40042365
Dunno about Ubuntu, but on CentOS or Redhat the man page for ssh says:

"ssh exits with the exit status of the remote command or with 255 if an error occurred."

As does the man page on OS X/FreeBSD.
 

Author Comment

by:Viclyn
ID: 40045405
Oh. Yeah, I'm sure that's it. ...I learned *another* new thing. Thanks!

I'm using cygwin for the PC