I'm trying to check file ownership of every file in every home directory on a Linux machine as an InSpec test written in Ruby, utilizing Linux commands. I have an array of home directory owners called `ownerArray` (containing users like bin, root, daemon, ...), and I'm trying to use the `Dir.glob` class to get every file in every directory for every owner contained in my array, but when I run my code it only loops through bin. There are about 15 owners, all from /etc/passwd, that I would like to loop through, but the following only checks bin (I can tell when I print the name of each file as it loops). Is this a permissions issue, or is there a different way I should use `Dir.glob` to get every file of every owner of a home directory on my machine? Thank you for your time and help.

```ruby
ownerArray = %w()

command("cut -d : -f1 /etc/passwd").stdout.each_line do |line|
  if (command("echo ~#{line}").stdout != "/\n")
    user = "/" + line.chomp()
    ownerArray.push user
  end
end

ownerArray.each do |owner|
  Dir.glob("#{owner}/**/*", File::FNM_DOTMATCH).each do |file|
    next if File.basename(file) == '.' || File.basename(file) == '..'
    group = command("stat -c %G #{file}").stdout
    describe command("id -Gn #{owner} | grep -c '\b{group}\b'") do
      its ('stdout') {should_not match "0\n"}
    end
  end
end
```

See `ownerArray` added above. It's just grabbing users from /etc/passwd. For output I expect the test to fail every time files exist in a home directory for which the group owning those files is not a group of which the home directory owner is a member. The grep returns 0 if the home directory owner is not a member of the group owning a given file in the user's home directory.

StephenKing
jstremme
  • Could you be a little more specific? What do you mean by "only loops through `bin`"? What does `ownerArray` equal? What files are you looping over; what result are you expecting to see? – Tom Lord Sep 19 '16 at 14:56
  • I would guess your spec is executed on your local host. In this case `Dir.glob` returns only folders on your local and not on your remote host. – slowjack2k Sep 19 '16 at 14:57
  • Why use commands where resources exist? `describe file(file) { it { should_not be_owned_by 'root' } }` See [the documentation](https://github.com/chef/inspec/blob/master/docs/resources.rst#file) – Tensibai Sep 19 '16 at 15:06
  • Next, without insight into what `ownerArray` really is, it's hard to tell what's happening here – Tensibai Sep 19 '16 at 15:07
  • I edited the question with a bit more info as per your requests, Tom Lord and Tensibai. Just checking who owns the file is not sufficient here. It involves making sure the owner of the home directory containing each file is a member of the owning group of each file. – jstremme Sep 20 '16 at 16:32
  • The only files ever checked by this code are the ones in 'bin' which is one of many elements of ownerArray. That's the puzzling part to me. – jstremme Sep 20 '16 at 16:47

1 Answer

The loop you have is okay, but replace your command stuffs with a file InSpec resource. Should simplify it a good bit. You can also use that to check other file-ish parameters like group and mode.

coderanger
  • Thanks, coderanger. I will look into these and get back to you. I know about the file InSpec resources for checking groups and owners etc. The trick here seems to be checking which group owns a file against whether or not the home directory owner is a member of this owning group. – jstremme Sep 20 '16 at 16:37
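
The group-membership check discussed in this thread, written as plain Ruby to run directly on the audited host. This is an added example, not code from the question, the answer or InSpec; the helper names and sample data are assumptions. It takes each home directory from field 6 of the passwd entry and reads group membership from text in `/etc/group` format only.

```ruby
require 'find'

# Constructed sample data in /etc/passwd and /etc/group format.
SAMPLE_PASSWD = <<~EOS
  root:x:0:0:root:/root:/bin/bash
  bin:x:1:1:bin:/bin:/sbin/nologin
  alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOS
SAMPLE_GROUP = <<~EOS
  root:x:0:
  wheel:x:10:alice,root
  alice:x:1000:
EOS

# user name => { home:, gid: }, from fields 6 and 4 of each passwd line.
def parse_passwd(text)
  rows = text.each_line.map { |l| l.chomp.split(':', -1) }
  rows.select { |f| f.size >= 7 }.map { |f| [f[0], { home: f[5], gid: f[3].to_i }] }.to_h
end

# GIDs the user belongs to: the primary GID plus every group listing the user.
# Assumption: only the given group text is consulted (no LDAP or other NSS source).
def gids_for(user, primary_gid, group_text)
  rows = group_text.each_line.map { |l| l.chomp.split(':', -1) }
  extra = rows.select { |f| f.size >= 4 && f[3].split(',').include?(user) }.map { |f| f[2].to_i }
  ([primary_gid] + extra).uniq.sort
end

# Paths under home (dotfiles included) whose owning group is not in allowed_gids.
# lstat judges a symlink itself; "/" and missing homes are skipped.
def foreign_group_files(home, allowed_gids)
  return [] if home == '/' || !File.directory?(home)
  hits = []
  Find.find(home) do |path|
    hits << path unless allowed_gids.include?(File.lstat(path).gid)
  rescue SystemCallError
    next # entry vanished or cannot be stat'ed: skip it
  end
  hits.sort
end

# user => offending paths, for every passwd entry with at least one finding.
def audit(passwd_text, group_text)
  report = parse_passwd(passwd_text).map do |user, info|
    [user, foreign_group_files(info[:home], gids_for(user, info[:gid], group_text))]
  end
  report.to_h.reject { |_, files| files.empty? }
end
```

On a real host, `audit(File.read('/etc/passwd'), File.read('/etc/group'))` run as root returns the findings; system accounts whose home is a shared directory such as `/bin` will report most of its contents.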