I should start by saying I consider myself a proficient user. But today I had the need to automate this and was stumped.
Let's suppose I am root, and as such I'm able to traverse the whole filesystem but I can't run "sudo" nor "su".
I have a given user and a given path.
How can I check, over the CLI, whether the user will be able to read and/or write to the path?
I know this sounds easy, but keep in mind that:
I'm assuming this can't be done through any command, and I'd need to first gather all user groups, then traverse the whole hierarchy of the path, check read permissions all along the path and then read & write for the final directory. Sounds awfully expensive, though.
Tag me a scripting guru!
check_access() {
checked_file=$1
target_user=$2
result=PASS
groups=`id -G $target_user | sed -e 's| | -o -group |g' -e 's|^|\\( -group |' -e 's|$| \\)|'`
while [ $checked_file != / ]; do
find $checked_file -maxdepth 0 \
-type f \( \
\( -user $target_user -perm 0400 \) \
-o \( $groups -perm 0040 \) \
-o -perm 0004 \
\) -o -type d \( \
\( -user $target_user -perm 0100 \) \
-o \( $groups -perm 0010 \) \
-o -perm 0001 \
\) >/dev/null 2>&1 || result=FAIL
checked_file=`dirname $checked_file`
done
echo $result
}