Newbie in trouble again

Newbie in trouble again

Post by Leif Poulse » Sat, 01 Feb 2003 08:47:15



Hi there

I am still very new to scripting in Unix and hope you will help me a bit.
Here are a couple of examples of my troubles.

-------------------------------------------------
How do I check a username (or uid). I have tried man getuid, man uid etc.
and nothing comes up. Here is what I am trying to do:

if [ "${User}" != "root" ]; then
# Only su may run this script
    echo " Im sorry, but you may not use this script"
    exit 1
else
    continue
fi
--------------------------------------------------

Here is another test problem.

until [ "${test}" = 1 ]
# testvar is made to authenticate correct keystroke
do

echo " ---------------------------------------"
echo " -       Menusomething                         -"
echo " - Hit (U)ser, (G)roup or (D)isconnect -"
echo " ---------------------------------------"

read menu
if [ "${menu} = "u-U" ]; then
# should I use case instead? and what syntax makes u the same as U?
test=1
adduser;
# calls preveously defined function
elif [ "${menu} = "g-G" ]; then
test =1
addgr;
elif [ "${menu} = "d-D" ]; then
exit 0
else
echo "you mistyped"
echo
fi
done

echo "You made it through the Until sentence"
-----------------------------------------------------

  I have several other questions to making my little program work. But I
quess it's better to ask a little at a time.

regards from

Leif

PS: Thanks for helping me earlier. Scripting is a lot easyer than making C
programs.
Being not very educated I learn easyer by example (stealing or recycling)
and links to already made scripts will be most welcome

 
 
 

Newbie in trouble again

Post by Barry Margoli » Sat, 01 Feb 2003 09:00:31




>Hi there

>I am still very new to scripting in Unix and hope you will help me a bit.
>Here are a couple of examples of my troubles.

>-------------------------------------------------
>How do I check a username (or uid). I have tried man getuid, man uid etc.
>and nothing comes up. Here is what I am trying to do:

>if [ "${User}" != "root" ]; then
># Only su may run this script
>    echo " Im sorry, but you may not use this script"
>    exit 1
>else
>    continue
>fi

I think the variable you're looking for here is $USER, not $User.  You can
also use the "whoami" command:

if [ "`whoami`" != root ]; then

- Show quoted text -

Quote:>--------------------------------------------------

>Here is another test problem.

>until [ "${test}" = 1 ]
># testvar is made to authenticate correct keystroke
>do

>echo " ---------------------------------------"
>echo " -       Menusomething                         -"
>echo " - Hit (U)ser, (G)roup or (D)isconnect -"
>echo " ---------------------------------------"

>read menu
>if [ "${menu} = "u-U" ]; then
># should I use case instead? and what syntax makes u the same as U?

Yes, you should use case for this.  You can write:

case "$menu" in
  u|U) ... ;;
  g|G) ... ;;
  d|D) ... ;;
  *) echo "you mistyped" ;;
esac

Quote:>PS: Thanks for helping me earlier. Scripting is a lot easyer than making C
>programs.
>Being not very educated I learn easyer by example (stealing or recycling)
>and links to already made scripts will be most welcome

It might be easier for you to read books on scripting than to post a
question every time you stumble.  Otherwise you'll spend most of the next
few months waiting for answers from the net.

--

Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

 
 
 

Newbie in trouble again

Post by Heiner Steve » Sat, 01 Feb 2003 09:21:14


[...]
  > -------------------------------------------------
  > How do I check a username (or uid). I have tried man getuid, man uid etc.
  > and nothing comes up. Here is what I am trying to do:
  >
  > if [ "${User}" != "root" ]; then
  > # Only su may run this script
  >     echo " Im sorry, but you may not use this script"
  >     exit 1
  > else
  >     continue
  > fi
  > --------------------------------------------------

If the script can only be run with system administrator
privileges, it's a better idea to check for the numerical
user id instead of the login name. Although it's rare, there
may be other users with system administratore privileges.

The "id" command is suitable for this purpose.
Example output:

     $ id
     uid=500(heiner) gid=100(users)
     $ su -
     Password:
     # id
     uid=0(root) gid=1(other)

You could use "id" in the following way to check
for a user with user id "0" (= "root" privileges):

     case "`/usr/bin/id`" in
         "uid=0("*)   ;; # permissions are right
         *)         echo >&2 "invalid permissions"; exit 1;;
     esac

Heiner
--
  ___ _

\__ \  _/ -_) V / -_) ' \    Shell Script Programmers: visit
|___/\__\___|\_/\___|_||_|   http://www.shelldorado.com/

 
 
 

Newbie in trouble again

Post by Leif Poulse » Sat, 01 Feb 2003 09:41:27




Quote:> It might be easier for you to read books on scripting than to post a
> question every time you stumble.  Otherwise you'll spend most of the next
> few months waiting for answers from the net.

Hi again

Thanks for your answer.

I'm using "Linux in a nuttshell" and an old danish book on unix. Preaviously
posted links like http://linux.wuxi.net.cn/docs/shelllearn,
http://linux.nixcraft.com/lsst/ and google helped also helped me a lot. Any
suggestions for other material is most welcome.

It seems to me that what workes in some examples in books, doesn't always
work on my mashine (Probably my fault).
I have tried different shells, but now use the Gnome shell (Bash) and it
seems more compatible with the examples.

In hope of not annoying anybody with to simple questions.

regards from

Leif

 
 
 

Newbie in trouble again

Post by hymi » Sat, 01 Feb 2003 23:32:57


In our last episode, the evil Dr. Lacto had captured our hero,

Quote:>Being not very educated I learn easyer by example (stealing or recycling)
>and links to already made scripts will be most welcome

Only be sure, always, to call it, please, "Research."


===============================================================================

 
 
 

Newbie in trouble again

Post by Tim Cargi » Sun, 02 Feb 2003 05:17:53




> [...]
>   > -------------------------------------------------
>   > How do I check a username (or uid). I have tried man getuid, man uid etc.
>   > and nothing comes up. Here is what I am trying to do:

[ blown away great stufff from Heiner ]

Quote:

> Heiner

What, Heiner?!?!  You didn't EXPLICITLY direct him to shelldorado?
                  Don't want him 'stealing' or 'recycling' your stuff. :-)

Tim

 
 
 

Newbie in trouble again

Post by Heiner Steve » Sun, 02 Feb 2003 08:20:16



  >

  >>
  >>[...]
  >>  > -------------------------------------------------
  >>  > How do I check a username (or uid). I have tried man getuid, man uid etc.
  >>  > and nothing comes up. Here is what I am trying to do:
[...]

  > What, Heiner?!?!  You didn't EXPLICITLY direct him to shelldorado?
  >                   Don't want him 'stealing' or 'recycling' your stuff. :-)

Hey, I put the examples on the SHELLdorado because they
are intended to be "stolen" ;-)

Surprising as it seems, there is no script showing how to
check the user id at the SHELLdorado. I try to avoid
limiting the usage of a script to certain user ids, because

  (1) it's not safe, because the user could just create his own
      copy of the script, remove the check, and run it again

  (2) there could be other means of granting access permissions,
      not related to the user id. Example: Solaris' "Role Based
      Accounting" (RBAC), or ACLs

Heiner
--
  ___ _

\__ \  _/ -_) V / -_) ' \    Shell Script Programmers: visit
|___/\__\___|\_/\___|_||_|   http://www.shelldorado.com/

 
 
 

Newbie in trouble again

Post by Tim Cargi » Sun, 02 Feb 2003 11:28:52



> In our last episode, the evil Dr. Lacto had captured our hero,

:-)

> >Being not very educated I learn easyer by example (stealing or recycling)
> >and links to already made scripts will be most welcome

> Only be sure, always, to call it, please, "Research."

:-) I prefer R & D, myself - Ravage & Destroy


> ===============================================================================

 
 
 

Newbie in trouble again

Post by Tim Cargi » Sun, 02 Feb 2003 15:56:54






>   >>[...]
>   >>  > -------------------------------------------------
>   >>  > How do I check a username (or uid). I have tried man getuid, man uid etc.
>   >>  > and nothing comes up. Here is what I am trying to do:
> [...]

>   > What, Heiner?!?!  You didn't EXPLICITLY direct him to shelldorado?
>   >                   Don't want him 'stealing' or 'recycling' your stuff. :-)

> Hey, I put the examples on the SHELLdorado because they
> are intended to be "stolen" ;-)

> Surprising as it seems, there is no script showing how to
> check the user id at the SHELLdorado. I try to avoid
> limiting the usage of a script to certain user ids, because

>   (1) it's not safe, because the user could just create his own
>       copy of the script, remove the check, and run it again

That would mean the system is defenseless/wide-open anyway.
I've seen id checked ONLY when they simply have the wrong
privileges to perform the task.  Not to protect the system.

Quote:

>   (2) there could be other means of granting access permissions,
>       not related to the user id. Example: Solaris' "Role Based
>       Accounting" (RBAC), or ACLs

I don't know what this means, frankly.  But I'm a little fatigued.

Quote:

> Heiner

Tim
 
 
 

Newbie in trouble again

Post by Stephane CHAZELA » Mon, 03 Feb 2003 03:29:17


[...]

Quote:>      # id
>      uid=0(root) gid=1(other)

But:

~$ id -u
501
~$ echo "int geteuid() { return 0; }" > fakeid.c
~$ cc -shared -fPIC fakeid.c
~$ LD_PRELOAD=$PWD/a.out export LD_PRELOAD
~$ /usr/bin/id -u
0

case `/usr/bin/env -i /usr/bin/id -u; /usr/bin/env -i /usr/bin/id -ru` in
  0?0) echo "you are a previledged user";;
esac

--
Stphane

 
 
 

Newbie in trouble again

Post by Tim Cargi » Mon, 03 Feb 2003 21:54:58




> [...]

> But:

> ~$ id -u
> 501
> ~$ echo "int geteuid() { return 0; }" > fakeid.c
> ~$ cc -shared -fPIC fakeid.c
> ~$ LD_PRELOAD=$PWD/a.out export LD_PRELOAD
> ~$ /usr/bin/id -u
> 0

> case `/usr/bin/env -i /usr/bin/id -u; /usr/bin/env -i /usr/bin/id -ru` in
>   0?0) echo "you are a previledged user";;
> esac

I learned a lot from this Cygwin/Linux, at least:

1) That a 'x=value export x' is acceptable syntax.

2) That $PWD is not reliable for all shells
   Cygwin/sh being the exception.  I prefer
   `pwd` anyway.

3) That my Cygwin cc/gcc compilers don't like -fPIC ...
   probably because Cygwin is not quite there yet.

4) That 'zsh' does not like statements contained
   wiin DOS-compatible text files.

5) That:

  echo "int geteuid() { return 0; }" > fakeid.c
  cc -shared -fPIC fakeid.c
  LD_PRELOAD="`pwd`/a.out" export LD_PRELOAD

  /usr/bin/id -u

  case `/usr/bin/env /usr/bin/id -u; /usr/bin/env /usr/bin/id -ru` in
    0?500) echo "you are a previledged user";;
  esac

  Actually works on Linux 2.8!  I like the way you think ...
  I'm putting a firewall in ASAP. :-)

Keep Up the Good Work!

Tim

 
 
 

Newbie in trouble again

Post by Heiner Steve » Tue, 04 Feb 2003 02:27:18


[...]

  >>  (2) there could be other means of granting access permissions,
  >>      not related to the user id. Example: Solaris' "Role Based
  >>      Accounting" (RBAC), or ACLs
  >
  > I don't know what this means, frankly.  But I'm a little fatigued.

I'm feeling fatigued, too, after searching for RBAC information ;-)

RBAC ("Role-Based Access Control") is a Solaris way of giving users
certain privileges usually only "root" has (like "sudo"), or even to
diminish the permissions "root" has:

     http://docs.sun.com/db/doc/805-7229/6j6q8svdf?q=role+based+access+con...

I don't know if RBAC is part of a (POSIX?) standard, or
just Sun's way of solving this frequently seen problem.

Heiner
--
  ___ _

\__ \  _/ -_) V / -_) ' \    Shell Script Programmers: visit
|___/\__\___|\_/\___|_||_|   http://www.shelldorado.com/

 
 
 

Newbie in trouble again

Post by Stephane CHAZELA » Tue, 04 Feb 2003 04:30:22



[...]

Quote:> 2) That $PWD is not reliable for all shells
>    Cygwin/sh being the exception.  I prefer
>    `pwd` anyway.

Well, "$PWD" is reliable in every shell where the feature is
implemented (bash, zsh, ksh most sh as it's specified by POSIX).

`pwd` is not reliable because it doesn't work in directoies
whose name is terminated by newline characters.

Note that the pwd builtin and /bin/pwd may not give the same
results. Components of `pwd` (or $PWD) can be symlinks, that's
not the case in /bin/pwd output.

Quote:> 3) That my Cygwin cc/gcc compilers don't like -fPIC ...
>    probably because Cygwin is not quite there yet.

This is for position independant code so that it can be
relocatable and thus used in shared objects. This may not have
any meaning for win32.

Anyway the geteuid can't be safe in a cygwin environment.

--
Stphane

 
 
 

Newbie in trouble again

Post by laura fairhe » Sun, 09 Feb 2003 00:08:36





>[...]
>> 2) That $PWD is not reliable for all shells
>>    Cygwin/sh being the exception.  I prefer
>>    `pwd` anyway.

>Well, "$PWD" is reliable in every shell where the feature is
>implemented (bash, zsh, ksh most sh as it's specified by POSIX).

>`pwd` is not reliable because it doesn't work in directoies
>whose name is terminated by newline characters.

It can be made to work;

eval "PWD='$(pwd |sed -e 's/'\''/&\\&&/g' -e '$s/$/'\''/' )"

Of course if a shell has not got POSIX command substitution it may be
difficult get the right syntax here, and otherwise it's pretty unusable
I suppose; but it does work, it's not broken.

Of course you do have an excellent point, the more natural;

PWD=$(pwd)

*is* broken.

elonex486$ cat >fil
+ cat
+ > fil

directory '1'

elonex486$ eval "PWD='$(cat fil |sed -e 's/'\''/&\\&&/g' -e '$s/$/'\''/' )"
+ cat fil
+ sed -e s/'/&\\&&/g -e $s/$/'/
+ eval PWD='
directory '\''1'\''
'
+ PWD=
directory '1'

elonex486$

byefornow
laura

--
alt.fan.madonna |news, interviews, discussion, writings
                |chat, exchange merchandise, meet fans....
                |Get into the groove baby you've got to... check us out!

 
 
 

Newbie in trouble again

Post by Tim Cargi » Sun, 09 Feb 2003 23:11:46




> [...]
> > 2) That $PWD is not reliable for all shells
> >    Cygwin/sh being the exception.  I prefer
> >    `pwd` anyway.

> Well, "$PWD" is reliable in every shell where the feature is
> implemented (bash, zsh, ksh most sh as it's specified by POSIX).

  It depends upon what your definition of 'reliability' is ...

  The only case where I found PWD to be 'readonly' was in
  'zsh' version 3.0.8.  It must have been a problem, because
  in the 4.0.6 version it is not.  True, one would not alter
  PWD conciously, but there are such things as bugs. At least
  the 'pwd' command/built-in can't be accidentally assigned a
  value.

  Curiously, the SUN ksh(1) man page says of the 'pwd' built-in:

     pwd

         Equivalent to print -r - $PWD.

   I wonder if is true because, in my four Linux shells, the
   PWD variable can be assigned values without affecting
   the 'pwd' accuracy.

Quote:

> `pwd` is not reliable because it doesn't work in directoies
> whose name is terminated by newline characters.

   Yes ... and a 'lot' of other UNIX utilities get unreliable
   in the same situation and we don't stop using them, do we?

   Rather than trying to treat the symptoms of embedded/terminating
   newlines, perhaps the problem should be addressed more directly
   by renaming all afflicted directories/files to meet an acceptable
   standard.

Quote:

> Note that the pwd builtin and /bin/pwd may not give the same
> results. Components of `pwd` (or $PWD) can be symlinks, that's
> not the case in /bin/pwd output.

  Noted, Thanks much.  My Linux 'ash' is the only shell I have
  that does not have 'pwd' as a built-in.

Quote:

> Anyway the geteuid can't be safe in a cygwin environment.

  Probably nothing else is either in Cygwin.  :-)

Tim