Will anytime /etc/passwd change due to 'pwconv' command?
| qazmlp 2004-08-18, 5:57 pm |
| In my understanding, 'pwconv' command synchronizes the /etc/shadow
file according to the entries in /etc/passwd i.e it results into
changes only in /etc/shadow file and not in /etc/passwd due to the
invocation of 'pwconv' command. Am I right? In any case, does 'pwconv'
also result into some changes in /etc/passwd file?
| |
| Eric Sosman 2004-08-18, 5:57 pm |
| qazmlp wrote:
> In my understanding, 'pwconv' command synchronizes the /etc/shadow
> file according to the entries in /etc/passwd i.e it results into
> changes only in /etc/shadow file and not in /etc/passwd due to the
> invocation of 'pwconv' command. Am I right? In any case, does 'pwconv'
> also result into some changes in /etc/passwd file?
Any actual hashed passwords in /etc/passwd will be
replaced with 'x'. Ordinarily, this only happens the
very first time pwconv is run.
You've posed a couple questions about making changes
to the "user account" files. What are you trying to do,
and is there a reason you can't do it through standard
interfaces? The days of hand-editing /etc/passwd are
(or ought to be) behind us ...
--
Eric.Sosman@sun.com
| |
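What Eric Sosman's answer describes, as an added example that is not part of the original thread: a read-only preview of which accounts a pwconv run would touch. It goes beyond the 'x' replacement he mentions and also reports shadow entries that would be added or removed, following the steps in the shadow-utils pwconv(8) man page (an assumption; other Unix variants may differ in detail). The function names, sample accounts and the EXAMPLEHASH00 placeholder are constructed.

```shell
#!/bin/sh
# Read-only preview of a pwconv run, following the steps in the shadow-utils
# pwconv(8) man page (assumption: other Unix variants may differ in detail).
# Usage: pwconv_preview PASSWD_COPY SHADOW_COPY
pwconv_preview() {
    awk -F: -v shadow="$2" '
        BEGIN {
            # A missing shadow file (first ever pwconv run) just yields no entries.
            while ((getline line < shadow) > 0) {
                split(line, f, ":")
                if (f[1] != "") in_shadow[f[1]] = 1
            }
        }
        $1 == "" { next }                      # skip blank lines
        {
            in_passwd[$1] = 1
            if ($2 != "x")
                print "passwd: " $1 " field 2 is not x, would become x"
            if (!($1 in in_shadow))
                print "shadow: " $1 " has no entry, would be added"
        }
        END {
            for (u in in_shadow)
                if (!(u in in_passwd))
                    print "shadow: " u " has no passwd entry, would be removed"
        }
    ' "$1"
}

# Constructed sample files (not from the thread); EXAMPLEHASH00 is a placeholder.
pwconv_preview_demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:EXAMPLEHASH00:1001:1001:Alice:/home/alice:/bin/sh
bob:x:1002:1002:Bob:/home/bob:/bin/sh
EOF
    cat > "$d/shadow" <<'EOF'
root:*:12600:0:99999:7:::
alice:*:12600:0:99999:7:::
carol:*:12600:0:99999:7:::
EOF
    pwconv_preview "$d/passwd" "$d/shadow"
    rm -rf "$d"
}

pwconv_preview_demo
```

Run it against copies of the real files; an empty report means /etc/passwd already holds only 'x' in the password field and pwconv would leave it unchanged.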
| Fred J. Bourgeois, III 2004-10-02, 9:13 pm |
| Eric Sosman wrote:
> qazmlp wrote:
>
[snip]
>
> You've posed a couple questions about making changes
> to the "user account" files. What are you trying to do,
> and is there a reason you can't do it through standard
> interfaces? The days of hand-editing /etc/passwd are
> (or ought to be) behind us ...
>
NOT!
Please, don't discourage people from understanding core concepts
like the format of really simple/basic files (/etc/passwd)! Sure,
people have made all sorts of whizzy, flashy tools for maintaining
this stuff, and now the average luser has no clue where to look
when something gets corrupted and suddenly they can no longer login.
*Every* unix programmer|user should understand how to read the
/etc/passwd file, or don't bother using unix!
On a related note, if you don't understand the format, read the man
page first, understand the fields, and by no means do any editing
of the /etc/passwd file unless/until you've got a clue about what
the stuff is there for.
[Okay, maybe knowing what "GECOS" means is superfluous, but the
rest is pretty relevant! Consider all the questions in this group
about "why does user so-and-so have /bin/false as a login shell?"
and you realize the fundamental importance of retaining the knowledge
about basic file layouts in unix.]
Sorry to respond to such an old thread, but this is a touchy issue.
-fjb
--
Colorless Green Ideas Sleep Furiously, and so do I....
| |
| Michael Vilain 2004-10-02, 9:13 pm |
| In article <415D0C79.10308@sbcglobal.net>,
"Fred J. Bourgeois, III" <fjb3@sbcglobal.net> wrote:
> Eric Sosman wrote:
> [snip]
>
> NOT!
>
> Please, don't discourage people from understanding core concepts
> like the format of really simple/basic files (/etc/passwd)! Sure,
> people have made all sorts of whizzy, flashy tools for maintaining
> this stuff, and now the average luser has no clue where to look
> when something gets corrupted and suddenly they can no longer login.
> *Every* unix programmer|user should understand how to read the
> /etc/passwd file, or don't bother using unix!
>
> On a related note, if you don't understand the format, read the man
> page first, understand the fields, and by no means do any editing
> of the /etc/passwd file unless/until you've got a clue about what
> the stuff is there for.
>
> [Okay, maybe knowing what "GECOS" means is superfluous, but the
> rest is pretty relevant! Consider all the questions in this group
> about "why does user so-and-so have /bin/false as a login shell?"
> and you realize the fundamental importance of retaining the knowledge
> about basic file layouts in unix.]
>
> Sorry to respond to such an old thread, but this is a touchy issue.
>
> -fjb
> --
> Colorless Green Ideas Sleep Furiously, and so do I....
OK, you get to respond to *ALL* the Linux script kiddies who've changed
the Solaris root shell to /usr/bin/bash and can no longer login as root
(unless they're on Solaris 9--yeah!).
In this day and age of dumbing down (just look at the current
President), general advice to use the "standard tools" rather than vi
seems a good idea.
Come to think of it, if we followed your lead, there'd be a lot less
people out there doing damage to machines.
***NEVERMIND** (spoken with the voice of Gilda Radner)
--
DeeDee, don't press that button! DeeDee! NO! Dee...
| |
| Fred J. Bourgeois, III 2004-10-02, 9:13 pm |
| "Michael Vilain " wrote:
> In article <415D0C79.10308@sbcglobal.net>,
> "Fred J. Bourgeois, III" <fjb3@sbcglobal.net> wrote:
>
>
>
>
> OK, you get to respond to *ALL* the Linux script kiddies who've changed
> the Solaris root shell to /usr/bin/bash and can no longer login as root
> (unless they're on Solaris 9--yeah!).
Really?! All of them?!! Does that mean everybody else will ignore them
from now on? ;-)
> In this day and age of dumbing down (just look at the current
> President), general advice to use the "standard tools" rather than vi
> seems a good idea.
I constantly feel the pain of dumbed-down unix admins (e.g. the guy who
bugged me for a week about his DNS zone not resolving, claimed to have
changed nothing, and finally added that his ISP had changed his IP
addresses!).
> Come to think of it, if we followed your lead, there'd be a lot less
> people out there doing damage to machines.
>
> ***NEVERMIND** (spoken with the voice of Gilda Radner)
>
Yup.
--
Fred J. Bourgeois, III FREDNET Corporation
Colorless Green Ideas Sleep Furiously, and so do I....
FREDNET is a registered service mark of FREDNET Corporation, Scotts
Valley, CA.
[E-mail address in header intentionally mangled ... remove "bonzo"
part]
| |
| Bill Vermillion 2004-10-03, 9:18 pm |
| In article <vilain-9A260A.15384701102004@comcast.dca.giganews.com>,
Michael Vilain <vilain@spamcop.net> wrote:
>In article <415D0C79.10308@sbcglobal.net>,
> "Fred J. Bourgeois, III" <fjb3@sbcglobal.net> wrote:
>
>OK, you get to respond to *ALL* the Linux script kiddies who've
>changed the Solaris root shell to /usr/bin/bash and can no longer
>login as root (unless they're on Solaris 9--yeah!).
Reminds me of the time a client in our colo-rack had a problem
and restarted or something crashed it and it needed to be fsck'd
which failed.
I went in and connected a serial link and when it went to single
user prompt it couldn't find the root home directory and wanted to
start over.
I tried the install CD and it wouldn't do a thing because there
was an OS already installed.
Luckily they had two HD's in that box. As I recall when you
came into the system it went to the Netra, and then an Apple G4
running WebObjects and the database resided on a multi-sparc
Sun under Oracle.
But the admins had only used Linux.
root's home was moved onto /usr/local as I recall.
I found the easiest way to recover that was to pull out the drives
- and those were designed to do that - put the second drive which
had nothing on it into the first slot and install a fresh solaris.
Then I could fsck the original HD which was now in position 2.
Once I did that I swapped them back and all was ok.
So he had the root home on the wrong partition, had bash installed
that wanted shared libraries which were not available, and sh
appeared to be moved.
So this was worse than not being able to log in as root, it was
not being able to even get into single user mode.
And I've cleaned up a couple of other poorly admined Linux systems
with some of the strangest scripts running out of cron that I've
ever seen.
Brings in a few bux now and then however.
>In this day and age of dumbing down (just look at the current
>President), general advice to use the "standard tools" rather than vi
>seems a good idea.
I thought vi was a standard tool :-). Actually the first *n*x
system I used had only ed, so I learned the regex's pretty well.
>Come to think of it, if we followed your lead, there'd be a lot less
>people out there doing damage to machines.
If you understand the concepts you can admin almost any Unix machine
made. But too many [from my observations] are of the 'I need to
know what key to press' and once they get on a system with an
interface different than the one they learned on, they get lost.
Sometimes they even lose the data :-(
Bill
--
Bill Vermillion - bv @ wjv . com
| |
| Eric Sosman 2004-10-04, 6:01 pm |
| "Michael Vilain " wrote:
> In article <415D0C79.10308@sbcglobal.net>,
> "Fred J. Bourgeois, III" <fjb3@sbcglobal.net> wrote:
>
I wasn't going to re-enter this old thread, but since
three or four new posts have appeared I thought I'd try to
clear up what seems to be a misunderstanding.
I was *not* attempting to discourage anybody from a
study of the format of anything whatsoever. Instead, I was
trying to find out what "qazmlp" was up to, and to encourage
him to use the available tools unless there was a compelling
reason not to. This, I think, was and is good advice.
Note that "qazmlp" didn't appear (in this and other
threads started at about the same time) to be asking how to
use vi to manipulate these files; he seemed to be seeking
advice on how to write a brand-new program to massage them.
I somewhat suspected he'd been tasked with developing some
kind of user-management facility that would tie into an
external registry: Give Unix accounts to all the incoming
freshmen while expunging all the graduated seniors, that
sort of thing. If that turned out to be the gist of the
matter, I was going to suggest that he write wrappers
around existing tools like useradd rather than try to
incorporate the password-hashing and suchlike right into
the middle of his own program.
... but as far as I can tell he never came back. Maybe
he got scared off, or maybe he learned enough to enable him
to do -- well, to do whatever it was he was up to.
--
Eric.Sosman@sun.com
| |
| qazmlp 2004-10-05, 3:01 am |
| Eric Sosman <eric.sosman@sun.com> wrote in message news:<cjrtnt$e07$1@news1brm.Central.Sun.COM>...
> "Michael Vilain " wrote:
>
> I wasn't going to re-enter this old thread, but since
> three or four new posts have appeared I thought I'd try to
> clear up what seems to be a misunderstanding.
>
> I was *not* attempting to discourage anybody from a
> study of the format of anything whatsoever. Instead, I was
> trying to find out what "qazmlp" was up to, and to encourage
> him to use the available tools unless there was a compelling
> reason not to. This, I think, was and is good advice.
>
> Note that "qazmlp" didn't appear (in this and other
> threads started at about the same time) to be asking how to
> use vi to manipulate these files; he seemed to be seeking
> advice on how to write a brand-new program to massage them.
> I somewhat suspected he'd been tasked with developing some
> kind of user-management facility that would tie into an
> external registry: Give Unix accounts to all the incoming
> freshmen while expunging all the graduated seniors, that
> sort of thing. If that turned out to be the gist of the
> matter, I was going to suggest that he write wrappers
> around existing tools like useradd rather than try to
> incorporate the password-hashing and suchlike right into
> the middle of his own program.
>
> ... but as far as I can tell he never came back. Maybe
> he got scared off, or maybe he learned enough to enable him
> to do -- well, to do whatever it was he was up to.
I got the answer from your previous post itself! That's why I did not come
back in this thread!
Thanks for all! The contributions from all of you are commendable.