自动ACL检查shell脚本

时间:2021-03-02 23:49:39

I'd like to get some ideas from you on how to implement that. Let me explain a little bit my problem:

我想从你那里得到一些关于如何实现它的想法。让我解释一下我的问题:

Scenario: We have a system that must have some especific ACLs set in order to run it. So, before running it would be great if I could run a sort of pre check in order to verify if everything was set correctly.

场景:我们有一个系统必须设置一些特定的ACL才能运行它。因此,在运行之前,如果我可以运行一种预检查以验证是否所有设置都正确,那将会很棒。

Goal: Create a script that checks those ACLs before starting the system alerting in case one of them is wrong based in a list of files/folder and its ACLs.

目标:创建一个脚本,在启动系统警报之前检查这些ACL,以防其中一个错误基于文件/文件夹及其ACL列表。

Problems: Since the getfacl result is not a simple return, the only way I found to do such checking was parsing the result and analising each piece of it, that not as elegant as I'd like it could be.

问题:由于getfacl结果不是简单的返回,我发现进行此类检查的唯一方法是解析结果并分析每一部分,这不像我希望的那样优雅。

I doubt many of you had to do something ACLs check but for sure you guys can contribute to my cause :)

我怀疑你们很多人必须做一些ACL检查,但肯定你们可以为我的事业做出贡献:)

Thanks everybody in advance

提前谢谢大家

2 个解决方案

#1


1  

How about using Python module pylibacl

如何使用Python模块pylibacl

>>> import posix1e
>>> acl1 = posix1e.ACL(file="file1.txt")
>>> print acl1
user::rw-
group::r--
other::r--

#2


1  

Since the getfacl result is not a simple return, the only way I found to do such checking was parsing the result and analising each piece of it, that not as elegant as I'd like it could be.

由于getfacl结果不是简单的返回,我发现进行此类检查的唯一方法是解析结果并对其中的每一部分进行分析,这不像我希望的那样优雅。

What exactly are you trying to do? If you're just comparing the result of calling getfacl to a desired ACL, it should be easy. For example, assuming that you have stored your desired ACL in a file named acl-i-want, you could do something like this:

你究竟想做什么?如果您只是将调用getfacl的结果与所需的ACL进行比较,则应该很容易。例如,假设您已将所需的ACL存储在名为acl-i-want的文件中,您可以执行以下操作:

   getfacl /path > acl-i-have
   if ! diff -q acl-i-have acl-i-want; then
      echo "ACLs are different."
   fi

#1


1  

How about using Python module pylibacl

如何使用Python模块pylibacl

>>> import posix1e
>>> acl1 = posix1e.ACL(file="file1.txt")
>>> print acl1
user::rw-
group::r--
other::r--

#2


1  

Since the getfacl result is not a simple return, the only way I found to do such checking was parsing the result and analising each piece of it, that not as elegant as I'd like it could be.

由于getfacl结果不是简单的返回,我发现进行此类检查的唯一方法是解析结果并对其中的每一部分进行分析,这不像我希望的那样优雅。

What exactly are you trying to do? If you're just comparing the result of calling getfacl to a desired ACL, it should be easy. For example, assuming that you have stored your desired ACL in a file named acl-i-want, you could do something like this:

你究竟想做什么?如果您只是将调用getfacl的结果与所需的ACL进行比较,则应该很容易。例如,假设您已将所需的ACL存储在名为acl-i-want的文件中,您可以执行以下操作:

   getfacl /path > acl-i-have
   if ! diff -q acl-i-have acl-i-want; then
      echo "ACLs are different."
   fi