0

I want to parse the /etc/passwd file to find out if the user has root privilege and can run an interactive shell.

according to

UID 100-999 are reserved by system for administrative and system accounts/groups

What I understood is that if the UID is between 100 and 999, the user has root privilege. Am I right?

Next, how do you tell that a user can run an interactive shell by reading /etc/passwd?

PS. I am parsing these files in Python. I can implement the logic; I just don't know how to find out the root user, what an interactive shell is, and how to find one.

Kishor Pawar

2 Answers

2

There are two types of accounts, system and regular user. System accounts belong to services and daemons, such as lightdm, dnsmasq, etc. Typically you cannot log in to those accounts (although there are ways).

Regular users, such as your account or other people's accounts, can log in and interact with the OS through a shell (could be bash, ksh, mksh, csh, or a graphical shell such as Gnome or Unity).

System accounts range from 100 to 999 by default. There exists one special case, nobody, who has an ID of 65534 (that's the max UID number). On my system for instance dnsmasq it runs dnsmasq service.

Regular user accounts have a UID range from 1000 to 65533. Those users can log in, unless their password is disabled or their entry in /etc/passwd has the shell set to /usr/sbin/nologin, or login is prevented in some other way. These users can have root privilege if they belong to the sudo group.

So if you want to find users who have sudo privilege, you need to parse the /etc/group file. Here's mine:

$ awk '/sudo/' /etc/group                                      
sudo:x:27:xieerqi,testuser

To get just the users, use : as the separator and print the 4th field.

$ awk -F':' '/sudo/{print $4}' /etc/group                      
xieerqi,testuser

In Python this is done like so:

>>> with open("/etc/group") as file:
...     for line in file:
...         # match on the group-name field so other groups containing "sudo" are skipped
...         if line.startswith("sudo:"):
...             print(line.split(":")[3].strip())

Here's an even more interesting approach. What if we want to take all the sudo users and see if they have a shell set up in /etc/passwd?

$ awk -F':' '/sudo/{gsub(/\,/,"\n");print $4 }' /etc/group | xargs -I {} grep '^{}\:.*' /etc/passwd               
xieerqi:x:1000:1000:xieerqi,,,:/home/xieerqi:/bin/mksh
testuser:x:1001:1001:,,,:/home/testuser:/bin/bash
Sergiy Kolodyazhnyy
0

In Python this would be done like:

import grp
import pwd

# Shells that refuse interactive logins; Debian/Ubuntu install nologin as /usr/sbin/nologin
NO_LOGIN = ('/bin/false', '/bin/nologin', '/usr/sbin/nologin')
print([x for x in grp.getgrnam('sudo').gr_mem if pwd.getpwnam(x).pw_shell not in NO_LOGIN])

Where grp.getgrnam('sudo').gr_mem would return all members of the group sudo and pwd.getpwnam(USER).pw_shell returns the user's shell from /etc/passwd.


But group membership in sudo is not the only way to become root. Your users could also have individual entries in /etc/sudoers which would give them root permissions. So you'd need to parse /etc/sudoers as well.

muru
Germar
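
An added example, not code from either answer: it parses /etc/passwd and /etc/group text directly and reports, per account, whether it is privileged and whether its shell allows interactive login. It goes beyond the answers by also counting UID 0 and a primary GID equal to the sudo group's GID as privileged; the account data and the `audit` and `parse_group` names are constructed for illustration, and /etc/sudoers rules are not covered.

```python
# Constructed sample data; on a real host read /etc/passwd and /etc/group instead.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
dnsmasq:x:110:65534:dnsmasq,,,:/var/lib/misc:/usr/sbin/nologin
xieerqi:x:1000:1000:xieerqi,,,:/home/xieerqi:/bin/mksh
testuser:x:1001:1001:,,,:/home/testuser:/bin/bash
backupop:x:1002:27:,,,:/home/backupop:/bin/false
toor:x:0:0::/root:
"""
GROUP = """\
sudo:x:27:xieerqi,testuser
sudoers-doc:x:1500:dnsmasq
"""
NO_LOGIN_SHELLS = {"/bin/false", "/bin/nologin", "/usr/sbin/nologin"}


def parse_group(text, name):
    """Return (gid, members) for the group whose name field equals `name`."""
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 4 and fields[0] == name:
            return int(fields[2]), {m for m in fields[3].split(",") if m}
    return None, set()


def audit(passwd_text, group_text, admin_group="sudo"):
    """Map each account to (privileged, interactive) using only the two files."""
    admin_gid, members = parse_group(group_text, admin_group)
    report = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) != 7:
            continue  # skip comments and malformed entries
        user, _, uid, gid, _, _, shell = fields
        shell = shell or "/bin/sh"  # passwd(5): an empty shell field means /bin/sh
        # UID 0 is root itself; sudo applies to listed members and to primary-GID members
        privileged = int(uid) == 0 or user in members or int(gid) == admin_gid
        report[user] = (privileged, shell not in NO_LOGIN_SHELLS)
    return report


if __name__ == "__main__":
    for user, (priv, inter) in audit(PASSWD, GROUP).items():
        print(f"{user:10} privileged={priv!s:5} interactive_shell={inter}")
```
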