PerlMonks  

How do I generate a listing of all users who can access a directory?

by BlaisePascal (Monk)
on May 04, 2004 at 14:41 UTC (#350350=perlquestion)
BlaisePascal has asked for the wisdom of the Perl Monks concerning the following question:

I need to generate a listing of all users who can access each directory in a directory tree, so I can compare those users against a master list of who is supposed to have access. Unix directory access permissions require someone to have access to every directory in the path leading up to a given directory, so just checking the permissions on the directory itself isn't enough.

How do I generate a listing of all users who can access a directory?


Replies are listed 'Best First'.
Re: How do I generate a listing of all users who can access a directory?
by sgifford (Prior) on May 04, 2004 at 15:57 UTC

    The most robust way would be to start the program as the root user, loop through the passwd file with getpwent, switch to each of the UIDs, and try to open the file or opendir the directory. That will work with all kinds of ACLs and other oddities your version of Unix may include.

    If you know your system only uses standard Unix stuff, you can just open the bottommost directory, make a hash of users who have access to it, then remove one directory component at a time with File::Basename's dirname function. Make sure all of the users in your hash have at least execute permission on that parent directory, and if not delete them from the hash. When you've checked the root filesystem, you're done, and whoever is in the hash can access that directory.

    You may also have to deal with symlinks. For some help on that, see 346747.

      Hmm, I was thinking of working from root out, trimming the hash, since I've got a directory tree I'm annotating. Going from the file/directory down to the root would work better for the general "Why can't this user access this file?" question. I'll try it both ways and see which is faster.
Re: How do I generate a listing of all users who can access a directory?
by insensate (Hermit) on May 04, 2004 at 19:40 UTC
    "Unix directory access permissions require someone to have access to every directory in the path leading up to a given directory,"

    Be careful. A user needs execute permission on a directory to pass through, read permission to view contents. opendir will succeed on a directory where you have '--x' permissions but you will obviously not have access to directory contents. Make sure a component of your solution actually tries a read on each directory.

    Update:

    I was not clear: opendir will fail on a directory that doesn't have its 'r' bit set (assuming non-root). However, if I open a directory, say

    /homes/insensate/allx/freeforall

    where allx is --x--x--x and freeforall is rwxrwxrwx, the opendir will succeed.

    My point is to not let an assumption that access to a given directory implies access to parent directories stand.

      That's not how my copy of perl is behaving:
      $ ls -ld /tmp/test
      drwx--x--x 2 root root 1024 May 4 15:55 /tmp/test
      $ perl -e 'opendir(D,"/tmp/test") or die "opendir failed: $!\n";'
      opendir failed: Permission denied
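
An added example, not part of the thread or any poster's code: a sketch of the "standard Unix permissions only" approach sgifford describes, combined with insensate's point that the target needs read as well as execute while parent directories need only execute. It assumes plain mode bits (no ACLs or other access controls) and that getpwent/getgrent see every account; the names load_users, allowed and users_with_access are hypothetical.

```perl
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Basename qw(dirname);

# Map account name => [uid, {gid => 1}], primary plus supplementary groups.
sub load_users {
    my %user;
    while (my ($name, undef, $uid, $gid) = getpwent()) {
        $user{$name} //= [$uid, { $gid => 1 }];
    }
    while (my (undef, undef, $gid, $members) = getgrent()) {
        for my $m (split ' ', $members) {
            $user{$m}[1]{$gid} = 1 if $user{$m};
        }
    }
    endpwent(); endgrent();
    return \%user;
}

# True if every bit in $want (01 = x, 05 = r-x) is granted. Exactly one class
# applies: owner, else group, else other. uid 0 bypasses mode bits.
sub allowed {
    my ($st, $uid, $gids, $want) = @_;
    my ($mode, $owner, $group) = @{$st}[2, 4, 5];
    return 1 if $uid == 0;
    my $shift = $uid == $owner ? 6 : $gids->{$group} ? 3 : 0;
    return (($mode >> $shift) & $want) == $want;
}

# Users who can list $dir: r-x on the directory itself, x on every ancestor.
sub users_with_access {
    my ($dir, $users) = @_;
    my $path = abs_path($dir) // die "cannot resolve $dir\n";  # follows symlinks
    my %ok   = %$users;
    my $want = 05;
    while (1) {
        my @s = stat($path) or die "stat $path: $!\n";
        for my $name (keys %ok) {
            my ($uid, $gids) = @{ $ok{$name} };
            delete $ok{$name} unless allowed(\@s, $uid, $gids, $want);
        }
        last if $path eq '/';
        ($path, $want) = (dirname($path), 01);   # parents need search only
    }
    return sort keys %ok;
}

my $target = @ARGV ? $ARGV[0] : '.';
print "$_\n" for users_with_access($target, load_users());
```

Because only one permission class is consulted per user, an owner whose own bits are more restrictive than the group or other bits is correctly reported as lacking access. The output can be diffed directly against the master list of authorised users.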
Re: How do I generate a listing of all users who can access a directory?
by greenFox (Vicar) on May 05, 2004 at 08:55 UTC
    Some things I still do in shell...
    for user in `awk -F: '{print $1}' /etc/passwd`; do echo $user; su - $user -c "ls -l /path/to/dir/" >/dev/null 2>&1; echo $?; done

    Yeah I wrote it on the command line :) You might need to tweak for your system, skipping system accounts for example (awk -F: '$3>100{print $1}' /etc/passwd usually does it).

    --
    Do not seek to follow in the footsteps of the wise. Seek what they sought. -Basho
