BASH: Find Orphaned Users and Orphaned Groups

Sometimes, for auditing purposes, it is useful to look for “orphaned” users and groups: accounts that have no group associated with them, and groups that have no user associated with them.

Finding Orphaned Users

Use this script to find orphaned users. It reports every account in /etc/passwd that has no group of the same name in /etc/group, unless the account is listed in USEREXCLUSIONS:

   # System accounts that legitimately have no group of their own.
   USEREXCLUSIONS=( sync shutdown halt operator )

   # Walk every local account name in /etc/passwd.
   for i in $(awk -F: '{print $1}' /etc/passwd); do

       # Count groups whose name is exactly this user name. The match is
       # anchored so that "root" does not also match "chroot".
       command=$(grep -c "^$i:" /etc/group)
       if [ "$command" -lt 1 ]; then

           # Treat the account as orphaned unless it is on the exclusion list.
           orphaned=1
           for look in "${USEREXCLUSIONS[@]}"; do
               if [ "$i" = "$look" ]; then
                   orphaned=0
                   break
               fi
           done

           if [ "$orphaned" -eq 1 ]; then
               echo "$i is orphaned!"
           fi

       fi

   done


Finding Orphaned Groups

Use this script to find orphaned groups. It reports every group in /etc/group that has no user of the same name in /etc/passwd, unless the group is listed in GROUPEXCLUSIONS:

   # System groups that legitimately have no user of the same name.
   GROUPEXCLUSIONS=( sys tty disk mem kmem wheel dip lock users floppy utmp slocate )

   # Walk every local group name in /etc/group.
   for i in $(awk -F: '{print $1}' /etc/group); do

       # Count accounts whose name is exactly this group name. The match is
       # anchored so that "users" does not also match "dbusers".
       command=$(grep -c "^$i:" /etc/passwd)
       if [ "$command" -lt 1 ]; then

           # Treat the group as orphaned unless it is on the exclusion list.
           orphaned=1
           for look in "${GROUPEXCLUSIONS[@]}"; do
               if [ "$i" = "$look" ]; then
                   orphaned=0
                   break
               fi
           done

           if [ "$orphaned" -eq 1 ]; then
               echo "$i is orphaned!"
           fi

       fi
   done
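Both scripts above decide by name only: a user is fine if a group of the same name exists, and vice versa. The added example below (not part of the original post) instead follows the actual links between the two files: it flags users whose primary GID has no group entry, and groups that are nobody's primary group and whose member list names no existing user. The sample passwd and group contents are constructed for the demonstration; the function names are my own.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): detect orphans by the
# links between passwd and group rather than by matching names.
# Constructed sample data; on a real host use /etc/passwd and /etc/group.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:5000:Bob:/home/bob:/bin/bash
svc:x:1002:1002:Service:/var/svc:/sbin/nologin'
SAMPLE_GROUP='root:x:0:
alice:x:1000:
svc:x:1002:
devs:x:2000:alice
legacy:x:3000:
oldteam:x:3001:nobody'

# Write the samples to temp files so the functions can take file paths.
write_samples() {
  PASSWD_FILE=$(mktemp); GROUP_FILE=$(mktemp)
  printf '%s\n' "$SAMPLE_PASSWD" > "$PASSWD_FILE"
  printf '%s\n' "$SAMPLE_GROUP" > "$GROUP_FILE"
}

# Users whose primary GID (passwd field 4) has no entry in group (field 3).
users_with_missing_primary_group() {   # args: passwd_file group_file
  awk -F: 'NR == FNR { gid[$3] = 1; next }
           !($4 in gid) { print $1 }' "$2" "$1"
}

# Groups that are nobody's primary group and whose member list (field 4)
# names no existing user. Third arg: space-separated group names to skip.
unused_groups() {   # args: passwd_file group_file exclusions
  awk -F: -v excl="$3" '
    BEGIN { n = split(excl, e, " "); for (i = 1; i <= n; i++) skip[e[i]] = 1 }
    NR == FNR { user[$1] = 1; primary[$4] = 1; next }
    $1 in skip { next }
    {
      live = 0
      m = split($4, members, ",")
      for (i = 1; i <= m; i++) if (members[i] in user) live = 1
      if (!($3 in primary) && !live) print $1
    }' "$1" "$2"
}

write_samples
echo "users whose primary group does not exist:"
users_with_missing_primary_group "$PASSWD_FILE" "$GROUP_FILE"
echo "groups no user belongs to:"
unused_groups "$PASSWD_FILE" "$GROUP_FILE" "root wheel"
rm -f "$PASSWD_FILE" "$GROUP_FILE"
```

On a real host, point the functions at /etc/passwd and /etc/group, or save the output of `getent passwd` and `getent group` to files first so that directory-served accounts are included rather than only local ones.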
