Learn about Linux
Download Linux
Get Linux helpSpecial Offers
Feature: System Administration
A script to tell which workstations are using Samba shares
Share
Print
CommentsA combination of Linux utilities can help you determine who on your network is using which of your shared filesystems at any given time, allowing you to ask those users to log off while you update the system.
One of my clients has many multiple small Visual Basic 6 and Access-based applications running directly on Linux via Samba through network shares on Windows XP clients. Whenever he needs to update the application or database, he asks the users to log off the application so he can upload the new binary application or Access file to the server. However, his mid-sized network has about 100 clients using the apps, so even if only one user is logged on, my client has to get on the phone and go extension by extension until he finds the user who is using the application, ask the user to log off, and perform the upload.
I created a script to solve this problem using a combination of lsof, netstat, gawk, grep, uniq, and other utilities. All of the applications' binaries are stored in /usr/apps, in subfolders named payroll, accounting, sales, invoice, and so on. Assuming, for example, that the client needs to know the IP addresses of all the users who are using the payroll system, you can use the lsof utility, which lists all the open files:
lsof | grep /usr/apps/payroll smbd 16258 systems cwd DIR 8,5 4096 2191586 /usr/apps/payroll smbd 16258 systems 27rR REG 8,5 2449408 2191760 /usr/apps/payroll/payroll.exe smbd 16258 systems 28u REG 8,5 37883904 1684790 /usr/apps/payroll/dbpayroll.mdb smbd 16258 systems 29uw REG 8,5 256 1684290 /usr/apps/payroll/dbpayroll.ldb smbd 19237 systems cwd DIR 8,5 4096 2191586 /usr/apps/payroll smbd 19237 systems 25rR REG 8,5 2449408 2191760 /usr/apps/payroll/payroll.exe smbd 19237 systems 27u REG 8,5 37883904 1684790 /usr/apps/payroll/dbpayroll.mdb smbd 19237 systems 28uw REG 8,5 256 1684290 /usr/apps/payroll/dbpayroll.ldb smbd 19237 systems 29rW REG 8,5 45056 1684863 /usr/apps/payroll/report1.rpt
The output shows that smbd (Samba) has several files open, from process IDs (PID) 16258 through 19237. You know that two users are using the payroll.exe application, for example. The last line shows that the report1.rpt file is being used. This is a typical Crystal Reports extension, so you can figure out that this application is also busy. However, this doesn't show the users, so you need to extract only the necessary information (the PID numbers) from the previous output:
lsof | grep /usr/apps/payroll | gawk '{ print $2 }'
16258
16258
16258
16258
19237
19237
19237
19237
19237
With gawk, you can extract the second field, but you don't need all those repetitions. Use uniq, which removes duplicate lines from a sorted listing:
lsof | grep /usr/apps/payroll | gawk '{ print $2 }' | uniq
16258
19237
Send the results to a temporary file:
lsof | grep /usr/apps/payroll | gawk '{ print $2 }' | uniq > tmp
Next, relate those PID numbers with a network socket using the netstat command. With the –p option, netstat shows the PID and the name of the program to which each socket belongs:
netstat -p | grep 16258 tcp 0 0 192.168.100.250:netbios-ssn 192.168.100.32:1028 ESTABLISHED 16258/smbd
The fourth column (192.168.100.250:netbios-ssn) is the server machine, and the fifth column (168.100.32:1028) is the IP address and port number of the client machine, which is what you need.
Now you can put everything together by using a script that reads the PIDs in the tmp file:
lsof | grep /usr/apps/payroll | gawk '{ print $2 }' | uniq > tmp
echo "PCs USING THE APPLICATION:"
while read row ; do
netstat -p | grep $row | gawk '{ print $5 }' | cut -d":" -f1
done < tmp
The line netstat -p | grep $row | gawk '{ print $5 }' | cut -d":" -f1 first executes netstat, then calls grep with the variable $row, which comes from each row of the tmp file. Extract the fifth column with gawk, then with cut and the ":" delimiter, extract the first field, which is the IP address.
Give the script a name, and run chmod 700 script.sh to make it executable. When you run it, the result should look something like this:
./script.sh PCs USING THE APPLICATION 192.168.100.32 192.168.100.78
Now you just have to tie the IP address to a user name. To do that, add to /etc/hosts lines like this:
192.168.100.32 Lindsay_Hayek 192.168.100.78 Salma_Lohan 192.168.100.145 Tom_Norton 192.168.100.193 Edward_Cruise
And add an additional grep the script to read from /etc/hosts, in the netstat line:
grep `netstat -p | grep $row | gawk '{ print $5 }' | cut -d":" -f1` /etc/hosts
Now, however, if the script finds an IP address that is not listed in /etc/hosts, it will send an error rather than simply print the IP address. We can solve that problem with an if statment. If the above instruction is correct (returns 0 through the variable $?) then the script should go on to the next row of the tmp file, while anything besides 0 means that the IP address wasn't found in /etc/hosts, so just print the IP address. You may be able to find out who it belongs to from a network administrator. The final script would look something like this:
lsof | grep /usr/apps/payroll | gawk '{ print $2 }' | uniq > tmp
echo "PCs USING THE APPLICATION:"
while read row ; do
grep `netstat -p | grep $row | gawk '{ print $5 }' | cut -d":" -f1` /etc/hosts
if [ $? -ne 0 ]; then
netstat -p | grep $row | gawk '{ print $5 }' | cut -d":" -f1
end if
done < tmp
And when run, the result would look like:
./script.sh PCs USING THE APPLICATION 192.168.100.32 Lindsay_Hayek 192.168.100.78 Salma_Lohan 192.168.100.90
You could enhance this script. For example, instead of using payroll in the line lsof | grep /usr/apps/payroll | gawk '{ print $2 }' | uniq > tmp and then having to edit it every time you want to look for another application, you could use something like this:
lsof | grep /usr/apps/$1 | gawk '{ print $2 }' | uniq > tmp
echo "PCs USING THE APPLICATION: $1"
Here, $1 is an argument read from the command line:
./script.sh accounting PCs USING THE APPLICATION accounting 192.168.100.145 Tom_Norton 192.168.100.178 192.168.100.193 Edward_Cruise
You could also create a menu of applications, or use Zenity to interact with the script in an X Window environment.
Sergio Gonzalez Duran is a Linux administrator, systems developer, and network security counselor who also teaches Linux courses and publishes the Spanish-oriented Linux and open source Web site linuxtotal.com.mx.
Comments
on A script to tell which workstations are using Samba sharesNote: Comments are owned by the poster. We are not responsible for their content.
A script to tell which workstations are using Samba shares
Posted by: Anonymous [ip: 196.209.164.35] on October 03, 2007 10:17 AMGreat script though ;) I can see it packaged into a cron job to automate the process :)
Re: A script to tell which workstations are using Samba shares
Posted by: Anonymous [ip: 76.86.130.164] on October 03, 2007 11:27 AMRe(1): A script to tell which workstations are using Samba shares
Posted by: Anonymous [ip: unknown] on October 03, 2007 02:19 PMRe(2): A script to tell which workstations are using Samba shares
Posted by: Anonymous [ip: 216.136.60.243] on October 03, 2007 03:26 PMRe(3): A script to tell which workstations are using Samba shares
Posted by: Anonymous [ip: 64.6.40.50] on October 03, 2007 07:40 PMIt also allows you to kill off the samba process which owns the locked files -- even if the windows machine has abandoned the connection. That can happen if the client dies suddenly and leaves its locks behind. Usually, if the samba process is killed, the windows client will re-create the connection, although it is wise to be careful with this, because it could leave a corrupted access database or a confused client that found a mis-matched version of a dll.
A script to tell which workstations are using Samba shares
Posted by: Anonymous [ip: 192.168.3.70] on October 03, 2007 10:42 AMGreg
A script to tell which workstations are using Samba shares
Posted by: Anonymous [ip: 75.168.87.163] on October 03, 2007 01:46 PMA script to tell which workstations are using Samba shares
Posted by: Anonymous [ip: 219.95.191.251] on October 03, 2007 03:17 PMA script to tell which workstations are using Samba shares
Posted by: Anonymous [ip: unknown] on October 03, 2007 04:42 PMEg.
echo "PCs USING THE APPLICATION:"
lsof | grep /usr/apps/payroll | gawk '{ print $2 }' | uniq | {
while read row ; do
grep `netstat -p | grep $row | gawk '{ print $5 }' | cut -d":" -f1` /etc/hosts
if [ $? -ne 0 ]; then
netstat -p | grep $row | gawk '{ print $5 }' | cut -d":" -f1
end if
done }
Re: A script to tell which workstations are using Samba shares
Posted by: Anonymous [ip: 76.86.130.164] on October 03, 2007 07:55 PMUsing host file to find where users are is a bad idea.
Posted by: Anonymous [ip: 211.27.180.104] on October 05, 2007 12:00 AM/etc/hosts is better replaced with a machine lookup. nslookup followed by a lookup on who is using that machine. Since using a host file is completely useless in a dhcp network. I even have a file that does like this for nfs shares. Also for smb shares I end up just using smbstatus reason machines running thin clients. So there might be more than one user on them. Ie 1 in 200 users is not a good place to be looking.
Very big mistake thinking that only one user would be using the machine.
... | sort | uniq ...
or get rid of uniq bei using the -u option to sort:
... | sort -u
Have fun!
A script to tell which workstations are using Samba shares
Posted by: Anonymous [ip: 82.146.251.29] on October 05, 2007 04:08 PM<a href="http://www.profesjonalna-reklama.pl" target="_blank">Pozycjonowanie</a>
A script to tell which workstations are using Samba shares
Posted by: Anonymous [ip: 91.148.102.51] on October 06, 2007 07:30 PMdo it in one line with awk, no tmp file needed
Posted by: Anonymous [ip: 172.16.176.1] on October 09, 2007 01:08 AM
or alternatively:
lsof | awk '$0~/\/usr\/apps\/payroll/{print $0}' | awk '{print $2}' | uniq | awk '{print "netstat -p | grep "$1}' | sh | awk '{print $5'} | awk -F: '{print $1}'
[Modified by: Anonymous on October 10, 2007 04:31 AM]
Suggestion
Posted by: Anonymous [ip: 81.35.199.235] on October 03, 2007 09:40 AM#