How do I assign user account names and directories to an array in Bash/sh?

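I am trying to create a bash script on a Red Hat Enterprise Linux (RHEL) system for STIG testing with vulnerability ID V-72017. My task is to ensure that all user permissions have an octal value of 0750 or less.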

I am able to collect a user's permission octal value by using

    stat -c "%a" /home/$username
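
I am trying to create an array of $username (or directory) by using the command (which outputs the name of every user on the system):

I plan to map this output to an array, possibly with a while loop. Is this a possible solution?

Syntax error in the following code: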

    (eval getent passwd {$(awk '/^UID_MIN/ {print $2}' /etc/login.defs)..$(awk '/^UID_MAX/ {print $2}' /etc/login.defs)} | cut -d: -f1) | while read -r line
    do
      myarray+=line
      stat -c "%a" /home/$line
    done

Desired output, case 1:

    Users:
    rob
    bob
    Exit Fail: bob has permission octal value 0755.

Desired output, case 2:

    Users:
    rob
    bob
    Exit Pass: All users have permission octal value of 0750 or less.

You have already found all the login users. A regexp can be used to check the permissions of the home dir.

    echo "Users: "
    (eval getent passwd {$(awk '/^UID_MIN/ {print $2}' /etc/login.defs)..$(awk '/^UID_MAX/ {print $2}' /etc/login.defs)} | cut -d: -f1) | while read -r line
    do
      echo "$line"
      perm=$(stat -c "%a" "/home/$line")
      # owner: any; group: 0, 1, 4 or 5 (no write); other: 0
      [[ "$perm" =~ ^[0-7][0145]0$ ]] || echo "Exit fail: $line has permission octal value $perm"
    done

You may need to adjust the output format.

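It is recommended to avoid using eval as much as possible, all the more so if you are investigating the security state of a system. Please try the following instead: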

    #!/bin/bash

    perm=0750       # system policy
    uid_min=$(sed -n '/^UID_MIN/ s/[^0-9]*\([0-9]\+\).*/\1/p' "/etc/login.defs")
    uid_max=$(sed -n '/^UID_MAX/ s/[^0-9]*\([0-9]\+\).*/\1/p' "/etc/login.defs")

    # read /etc/passwd and process line by line
    while IFS=: read -ra a; do
        # now ${a[0]} holds username and ${a[2]} holds uid
        if (( ${a[2]} >= uid_min && ${a[2]} <= uid_max )); then
            # narrow down the users whose uid is within the range
            users+=("${a[0]}")
            # check the user's permission
            userperm="0$(stat -c "%a" "/home/${a[0]}")"
            if (( (~ perm) & userperm )); then
                # the user's permission exceeds the limitation $perm
                fail+=("$(printf "%s has permission octal value 0%o." "${a[0]}" "$userperm")")
            fi
        fi
    done < "/etc/passwd"

    echo "Users:"
    for i in "${users[@]}"; do
        echo "$i"
    done

    if (( ${#fail[@]} == 0 )); then
        printf "Exit Pass: All users have permission octal value of 0%o or less.\n" "$perm"
    else
        for i in "${fail[@]}"; do
            printf "Exit Fail: %s\n" "$i"
        done
    fi
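
An added example, not part of the question or of either answer: the same V-72017 check written for POSIX sh, generalized to take each home directory from field 6 of the passwd file instead of assuming /home/<name>, and to report a missing directory as a finding. The function names (login_defs_value, check_homes, demo) and the rob/bob/eve fixture are constructed for illustration, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not from the original answers. POSIX sh with GNU stat.

# login_defs_value KEY FILE: print the value of KEY from a login.defs file.
login_defs_value() {
    awk -v key="$1" '$1 == key { print $2; exit }' "$2"
}

# check_homes PASSWD UID_MIN UID_MAX [POLICY]; POLICY is octal, leading 0.
# Returns 1 if a home directory is missing or has a mode bit outside POLICY.
check_homes() {
    min=$2 max=$3 policy=${4:-0750} rc=0
    # Redirecting the file into the loop (instead of piping into it) keeps
    # the loop in the current shell, so rc is still set after "done".
    while IFS=: read -r name pw uid gid gecos home shell; do
        case $uid in ''|*[!0-9]*) continue ;; esac   # skip malformed lines
        [ "$uid" -ge "$min" ] && [ "$uid" -le "$max" ] || continue
        if [ ! -d "$home" ]; then
            echo "FAIL $name: home directory $home is missing"; rc=1
            continue
        fi
        mode=$(stat -c '%a' "$home") || { rc=1; continue; }
        # 0755 & ~0750 = 0005: any bit outside the mask is a finding.
        if [ $(( 0$mode & ~$policy )) -ne 0 ]; then
            echo "FAIL $name: $home has mode 0$mode"; rc=1
        else
            echo "PASS $name: $home has mode 0$mode"
        fi
    done < "$1"
    return "$rc"
}

# demo: run the check on a constructed passwd/login.defs pair in a temp dir.
demo() {
    d=$(mktemp -d) || return 2
    mkdir -m 700 "$d/rob"; mkdir -m 755 "$d/bob"   # eve's home is absent
    printf 'UID_MIN 1000\nUID_MAX 60000\n' > "$d/login.defs"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        "rob:x:1000:1000::$d/rob:/bin/bash" "bob:x:1001:1001::$d/bob:/bin/bash" \
        "eve:x:1002:1002::$d/eve:/bin/bash" > "$d/passwd"
    status=0
    check_homes "$d/passwd" "$(login_defs_value UID_MIN "$d/login.defs")" \
        "$(login_defs_value UID_MAX "$d/login.defs")" || status=$?
    rm -rf "$d"
    return "$status"
}

demo || echo "demo finished with findings (bob and eve)"
```

On a real host the call would be check_homes /etc/passwd with the two values read from /etc/login.defs; only read access to those files and to the home directories' metadata is needed.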