0

I have a collection files from many systems in my enterprise in a store directory (/store/) and I wanted to find all of the passwd files and cat them out to a single file. Intuitively, the command I came up with and use is:

find /store/ -name passwd -type f  -exec cat {} + > all_passwds.txt

But this also collects the /etc/passwd file that are binary files (I am assuming that some systems symlink to busybox or something). I really just want text-based passwd files.

My next thought is that maybe I could find all /etc/passwd files and pull regex matches. I have been trying for a couple of hours to create a regex that will match the passwd format.

Any help on either creating a regex that will match /etc/passwd files or how to ensure that the command above only grabs text passwd files would be greatly appreciated.

Lexicon
  • 247
  • 1
  • 2
  • 10

2 Answers2

3

If you want to use a regex, then ^([^:]*:){6}[^:]*$ is probably sufficient to match seven fields seperated by : on each line, so you could do:

find /store -name passwd -type f -exec grep -hIE '^([^:]*:){6}[^:]*$' {} + > all_passwds.txt
  • -h omit the filenames in the output
  • -I skip binary files
  • -E enable extended regular expressions (ERE)
Freddy
  • 1,999
  • 5
  • 12
2

First: The binaries are likely bin/passwd - i.e. the password change tool...

Simple solution that might work if all your wanted passwd files are in subdirectories called etc: 

 find /store/ -wholename '*/etc/passwd'

This will only find etc/passwd files, which should be the correct format.

If that's not working, construct a loop with the file utility and concatenate only if it is a text file: 

file /etc/passwd
   /etc/passwd: ASCII text

Lastly, I picked the following regex from an old piece of PHP code. Adapt as needed: 

\w+:\w+:\d+:\d+:[\w\d\s,@()]*:[\w\d\s\/]*:[\d\s\w\/]*
Sven
  • 97,248
  • 13
  • 177
  • 225