-
Notifications
You must be signed in to change notification settings - Fork 3
/
readok
executable file
·78 lines (67 loc) · 2.03 KB
/
readok
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
#!/bin/bash
################################################################################
# readok - determines whether a user can read a file by inspecting the
# permissions at each level in the path hierarchy and printing out helpful
# information about the permissions.
#
# Version 1
# Matthew Malensek <[email protected]>
################################################################################
if [[ ${#} -ne 2 ]]; then
echo "Usage: $(basename ${0}) username path"
exit 1
fi
username="${1}"
uid=$(id -u "${username}" 2> /dev/null)
if [[ ${?} -ne 0 ]]; then
echo "User not found: ${username}"
exit 1
fi
groups=$(id -G "${username}" 2> /dev/null)
abs_path=$(readlink -f "${2}")
if [[ ${?} -ne 0 || ! -e "${abs_path}" ]]; then
echo "[FAIL] Could not read path"
exit 1
fi
echo "${abs_path}"
path=""
IFS='/' read -ra part <<< "${abs_path}"
for i in "${part[@]:1}"; do
path="${path}/${i}"
stat -c "%A %U %G %N" "${path}"
f_mod=$(stat -c "0%a" "${path}")
f_uid=$(stat -c "%u" "${path}")
f_gid=$(stat -c "%g" "${path}")
# Determine the mode to check for based on file. If we are inspecting a
# directory, execute permissions suffice. Otherwise, check for read
# permissions.
test_mod=01
if [[ -f "${path}" ]]; then
test_mod=04
fi
# File owner check
if [[ ${uid} -eq ${f_uid} ]]; then
test=$(( ${test_mod} << 6 ))
if [[ $(( ${f_mod} & ${test} )) -gt 0 ]]; then
continue
fi
fi
# Group check
for group in ${groups}; do
if [[ ${group} -eq ${f_gid} ]]; then
test=$(( ${test_mod} << 3 ))
if [[ $(( ${f_mod} & ${test} )) -gt 0 ]]; then
continue 2 # Continue on the outer loop
fi
fi
done
# World
if [[ $(( ${f_mod} & ${test_mod} )) -gt 0 ]]; then
continue
fi
# If none of the above were readable, then we've hit a wall.
echo "[FAIL] ${username} cannot access ${path}"
exit 1
done
echo "[ OK ] ${username} can access ${abs_path}"
exit 0