Forum: Cfengine Help
Subject: Setting perms on home directory files
Author: RIngersoll
Link to topic: https://cfengine.com/forum/read.php?3,17127,17127#msg-17127
I have a requirement to ensure that all files in a user's home directory are
owned by the owner of the home directory and have permissions no greater than
750.
One method I'm playing with is to read /etc/passwd into an array:
bundle agent test
{
vars:
"HomeDirn" int => readstringarray(
"HomeDir",
"/etc/passwd",
"#[^\n]*",
":",
"200",
"10000"
);
"HomeUsr" slist => getindices("HomeDir");
files:
"$(HomeDir[$(HomeUsr)][5])"
perms =>
mog("o-rwx,g-w","$(HomeDir[$(HomeUsr)][2])","$(HomeDir[$(HomeUsr)][3])"),
depth_search => recurse("inf");
}
This works but I don't want to set perms on every directory and user in
/etc/passwd. I need a way to filter out system and shared accounts so I only
process user accounts. The filtering could be based on a uid or gid range or
on the home directory path (all user directories can be identified by their
path name, e.g., /home/dba/*, /home/cmo/*, /home/admin/*, etc.).
Anyone have a suggestion on how to filter /etc/passwd? A grep function? Or
maybe there's a better way to approach this requirement?
Community 3.0.4
Thanks.
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
