New script >set sysvol perm

Today I have had to deal with an environment where I had to fix a lot of sysvol permissions, with a lot of different policies with different permissions.

I had begun doing it by hand using samba-tool ntacl set sddl-ACL patg, but I soon realized this was a nightmare . Thus I invested some time in creating a small script on python that at least did part of this for me:

import os
import sys
arg = sys.argv[1]
command = "samba-tool ntacl set "
wp = os.getcwd()
for dirname, dirnames, filenames in os.walk(wp):
 os.system(command + "\"" + arg + "\" " + "\"" + dirname + "\"")
 files = [f for f in os.listdir(dirname) if os.path.isfile(os.path.join(dirname,f))]
    for f in files:
 os.system(command + "\"" + arg + "\" " + "\"" + dirname + "/" + f + "\"")

With this at least I had to do it once per policy. Once done, I just created a bash script that got the path and the sddl from samba-tool ntacl sysvolcheck (and run the script above until this command were ok:

#!/bin/bash
until samba-tool ntacl sysvolcheck 2>/dev/null
do

DIR=$(samba-tool ntacl sysvolcheck 2>&1 | grep ERROR | cut -d" " -f12)
PERM=$(samba-tool ntacl sysvolcheck 2>&1 | grep ERROR | cut -d" " -f19)


cd "$DIR"

python script.py $PERM
done

Hope this is useful if you were looking for this.

P.S. You can find the code in my github under GPLv2 as ever

Deja un comentario

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *

Este sitio usa Akismet para reducir el spam. Aprende cómo se procesan los datos de tus comentarios.