{"id":769,"date":"2011-03-07T00:24:40","date_gmt":"2011-03-07T05:24:40","guid":{"rendered":"http:\/\/yourLinuxGuy.com\/?p=769"},"modified":"2011-03-07T08:25:01","modified_gmt":"2011-03-07T13:25:01","slug":"finding-non-group-trustee-assignments-on-netware-volumes","status":"publish","type":"post","link":"https:\/\/yourLinuxGuy.com\/?p=769","title":{"rendered":"Finding Non-Group Trustee Assignments On NetWare Volumes"},"content":{"rendered":"

Recently, I was working with a customer in a NetWare\/OES server environment who was looking to to ensure that all the trustee assignments on a particular volume are group<\/em>-based, not individual user<\/em>-based.\u00a0 Actually, it was a few volumes… and many groups… and many<\/em> users…<\/p>\n

Anyway, the method I came up with was to rely on two good ol’ fashioned utilities: trustee.nlm<\/strong> and bash<\/strong>.<\/p>\n

trustee.nlm<\/h3>\n

First, I had to gather the trustee assignment for every file on the volume; and trustee.nlm does just that and much more.\u00a0 Since I’m not interested in file ownerships, etc., I just ran the nlm with the set of flags to create the output file with only the trustee assignments, as follows:<\/p>\n

LOAD TRUSTEE \/ET SAVE <volname>:\\ <volname>:\\<outputfile>.txt<\/code><\/pre>\n
…and I normally just name the output file after the server and the volume, like: FS1VOL2.txt<\/code> or something similar.\u00a0 Now, of course, if you have a small volume, with a small amount of data, and a small amount of users and groups, you can just stop right here, read the file with your human eyes, and find out who has user trustee assignments right away.\u00a0 But…<\/p>\n
bash<\/h3>\n
I decided to use a bash script to parse the trustee.nlm output file, and for each trustee object it finds, do an LDAP call (one per second) to find out if the object is a group or not.\u00a0 If the object in question is not a group<\/em>, the script writes the object value to a result file.\u00a0 If the object is a group<\/em>, it just spits a confirmation out to the console to keep me entertained while waiting.<\/p>\n
Here is the script below:<\/p>\n
#!\/bin\/bash\r\n# This script doesn't work well when objects have commas in them.\r\n# It results in reporting that line as a non-group, which might not be true.\r\n#\r\n# Don't touch these variables\r\nDATE=`date +%Y%m%d%H%M%S`\r\nx=0\r\n#\r\n# Set these variables\r\nLDAPSERVER=\"192.168.1.3\"\r\nTREE=\"mytree\"\r\nTRUSTEEFILE=\"$1\"\r\nOUTFILE=\"NonGroupTrustees.$TRUSTEEFILE.$DATE\"\r\n#\r\necho \"Starting at $DATE\" > $OUTFILE\r\n#\r\nwhile [ $x -lt $(wc -l <$TRUSTEEFILE) ]\r\ndo\r\n   let x=x+1\r\n   LINE=`head -n $x $TRUSTEEFILE | tail -n 1`\r\n   item=`echo $LINE |awk 'BEGIN { FS =\",\" } ; { print $4 }'|sed s\/\\\"\/\/g |awk 'BEGIN { FS =\".\" } ; { print $1 }'`\r\n   RESULT=`ldapsearch -LL -x -h $LDAPSERVER -p 389 -b t=$TREE \"cn=$item\" objectclass |grep groupOfNames`\r\n   if [ \"x$RESULT\" == \"x\" ];then\r\n      echo \"$item is not a group, $LINE\"\r\n      echo \"$LINE\" >> $OUTFILE\r\n   else\r\n      echo \"$item is a group\"\r\n   fi\r\n   sleep 1\r\ndone\r\n#\r\necho \"Complete. \" >> $OUTFILE<\/code><\/pre>\n
And there you go.\u00a0 Just copy the script content, save it locally to a file in the same directory as your trustee report file, do a chmod +x<\/code> on that file so it will execute, and change the variables in the script to match your proper values (LDAPSERVER and TREE).\u00a0 Then, run the script with your trustee report file as the first input variable on the command line.\u00a0 For instance, if your file were named trusteeCheckScript.bash, and your trustee file was named as my example further above, then you’d run:<\/p>\n
trusteeCheckScript.bash FS1VOL2.txt<\/code><\/p>\n
And then check the output file for results.<\/p>\n
Enjoy! I hope that helps.\u00a0 And if you have a better way, as always, drop me a line…<\/p>\n
 <\/p>\n","protected":false},"excerpt":{"rendered":"
Recently, I was working with a customer in a NetWare\/OES server environment who was looking to to ensure that all the trustee assignments on a particular volume are group-based, not individual user-based.\u00a0 Actually, it was a few volumes… and many…
Read more<\/a><\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[11,5],"tags":[],"class_list":["post-769","post","type-post","status-publish","format-standard","hentry","category-intermediate","category-netwaregeneral"],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pnjn1-cp","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/yourLinuxGuy.com\/index.php?rest_route=\/wp\/v2\/posts\/769","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/yourLinuxGuy.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/yourLinuxGuy.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/yourLinuxGuy.com\/index.php?rest_route=\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/yourLinuxGuy.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=769"}],"version-history":[{"count":3,"href":"https:\/\/yourLinuxGuy.com\/index.php?rest_route=\/wp\/v2\/posts\/769\/revisions"}],"predecessor-version":[{"id":771,"href":"https:\/\/yourLinuxGuy.com\/index.php?rest_route=\/wp\/v2\/posts\/769\/revisions\/771"}],"wp:attachment":[{"href":"https:\/\/yourLinuxGuy.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=769"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/yourLinuxGuy.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=769"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/yourLinuxGuy.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=769"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}