jep@fantasci.UUCP (Joseph E Poplawski) (10/16/88)
For those of you who were looking for a copy of 'vipw', here is one that I
wrote. I want to thank Mike Khaw (mkhaw@teknowledge.arpa) for his suggestions
on what the program should do.

Here it is:

---------------------CUT HERE--------------------------------------------------
# vipw
#
# program to edit the password file. will not allow editing if /etc/ptmp exists.
#
# written by: Jo Poplawski     jep@fantasci.UUCP
#
if [ "n$EDITOR" = "n" ]
then
	EDITOR=/usr/bin/vi
fi

if [ -f "/etc/ptmp" ]
then
	echo ""
	echo "/etc/passwd being used, please try again in a few minutes..."
	echo ""
	exit 1
else
	cat /dev/null >/etc/ptmp
	cp /etc/passwd /etc/ptmp
	$EDITOR /etc/ptmp
	cp /etc/passwd /etc/passwd.old
	mv /etc/ptmp /etc/passwd
	chown root /etc/passwd
	chgrp sys /etc/passwd
	chmod 444 /etc/passwd
	chmod 000 /etc/passwd.old
fi
---------------------CUT HERE--------------------------------------------------

Enjoy,

-Jo

-------------------------------------------------------------------------------
| Joseph E Poplawski (Jo)                        US Mail: 1621 Jackson Street |
|                                                         Cinnaminson NJ 08077 |
| UUCP:..!rutgers!rochester!moscom!telesci!fantasci!jep                       |
|      ..!princeton!telesci!fantasci!jep                                      |
|      ..!pyrnj!telesci!fantasci!jep              Phone: +1 609 786-8099 home |
-------------------------------------------------------------------------------
chris@mimsy.UUCP (Chris Torek) (10/18/88)
In article <218@fantasci.UUCP> jep@fantasci.UUCP (Joseph E Poplawski) writes:
>if [ "n$EDITOR" = "n" ]
>then
>	EDITOR=/usr/bin/vi
>fi

Handy sh programming tip number 3,141: use ${EDITOR-/usr/bin/vi}

But here is the real reason for the followup:

>if [ -f "/etc/ptmp" ]
>then
>	echo ""
>	echo "/etc/passwd being used, please try again in a few minutes..."
>	echo ""
>	exit 1
>else
>	cat /dev/null >/etc/ptmp

This has a window during which it will not notice the lock file.
You are much better off using links, viz.:

	# The following is so that we do not remove a ptmp lock file
	# that we did not create, yet we never ignore signals.
	# At worst we will leave a dummy file in /etc.
	lock=/etc/ptmp
	tf=$lock$$
	rm -f $tf
	>$tf
	trap "if [ -f $tf ]; then rm -f $tf $lock; fi; exit 1" 1 2 3 15
	if ln $tf $lock 2>/dev/null; then
		# ln succeeded, so the lock did not exist and is now ours
		# cp /etc/passwd /etc/passwd.old # depending on paranoia level
		(trap 1 2 3 15; ${EDITOR-/usr/ucb/vi} /etc/passwd)
		rm -f $tf $lock
	else
		# ln failed: someone else already holds /etc/ptmp
		echo ' /etc/passwd busy, please try again ' 1>&2
		rm -f $tf
		exit 1
	fi

Of course, this script should not be used on systems that already have
a `vipw' program, since it may (and probably does) use some other form
of locking.

(From C code one can use open(O_CREAT|O_EXCL) to atomically create a file
and fail if it already exists, but the shells do not provide this facility.
Another approach is to write a small tool that does this. But unless you
have reliable signals you will still have windows of vulnerability.)
-- 
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7163)
Domain: chris@mimsy.umd.edu	Path: uunet!mimsy!chris
eirik@tekcrl.TEK.COM (Eirik Fuller) (10/20/88)
I like these scripts to implement vipw, but I wonder, do systems without vipw know about /etc/ptmp? The point of vipw as I understand it is that /bin/passwd knows enough not to change a password if something else (vipw, for instance) is in the middle of changing /etc/passwd. Seems to me vipw as a script buys you something only if a) /bin/passwd already knows of /etc/ptmp or b) /bin/passwd is rigged to know of /etc/ptmp. Of course, it's a simple matter to make a front end to /bin/passwd ...
cudcv@warwick.ac.uk (Rob McMahon) (10/22/88)
In article <14043@mimsy.UUCP> chris@mimsy.UUCP (Chris Torek) writes:
>In article <218@fantasci.UUCP> jep@fantasci.UUCP (Joseph E Poplawski) writes:
>>if [ -f "/etc/ptmp" ]; then exit 1; else cat /dev/null >/etc/ptmp ...
>
>This has a window during which it will not notice the lock file.
>You are much better off using links, viz.:
>...
>	if ln $tf $lock 2>/dev/null; then exit 1; else ...

Except that this seems to be silently broken under (at least some versions of)
System V, in which ln(1) deletes the file first, and the command succeeds. See:

	Newsgroups: news.software.b,comp.sources.bugs
	Subject: C News Bulletin #8 - fixes for illegal message-IDs, System V ln(1)
	Message-ID: <1988Oct18.064611.25833@utstat.uucp>

`mkdir $lock' should still work though ...

Rob
-- 
UUCP:   ...!mcvax!ukc!warwick!cudcv	PHONE:  +44 203 523037
JANET:  cudcv@uk.ac.warwick	ARPA:   cudcv@warwick.ac.uk
Rob McMahon, Computing Services, Warwick University, Coventry CV4 7AL, England
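
[Added example, not part of any post in this thread.] The two atomic
alternatives raised above, `mkdir $lock' and an O_CREAT|O_EXCL create, sketched
in sh. The function names and the scratch directory are hypothetical, and the
noclobber behaviour is assumed to be that of bash and dash.

```sh
#!/bin/sh
# Added example; function names and the scratch paths are hypothetical.

# mkdir(2) creates the directory or fails with EEXIST in one system call,
# so there is no window between "test for the lock" and "create the lock".
acquire_mkdir() { mkdir "$1" 2>/dev/null; }
release_mkdir() { rmdir "$1" 2>/dev/null; }

# With noclobber (set -C), bash and dash create a missing redirection
# target with O_CREAT|O_EXCL; an existing file makes the redirect fail.
acquire_excl() { ( set -C; echo "$$" > "$1" ) 2>/dev/null; }
release_excl() { rm -f "$1"; }

# with_lock LOCK CMD...: run CMD only while holding LOCK.
with_lock() {
    lock=$1; shift
    if ! acquire_mkdir "$lock"; then
        echo "$lock busy, please try again" 1>&2
        return 1
    fi
    # From here on the lock is ours, so removing it on a signal is safe.
    trap 'release_mkdir "$lock"; exit 1' 1 2 3 15
    status=0
    "$@" || status=$?
    trap - 1 2 3 15
    release_mkdir "$lock"
    return $status
}

# Constructed demo in a scratch directory (never /etc).
demo=$(mktemp -d)
with_lock "$demo/ptmp" echo "first caller: editing under lock"
# A second caller arriving while the lock is held is refused.
with_lock "$demo/ptmp" with_lock "$demo/ptmp" echo "never printed" \
    || echo "second caller refused"
acquire_excl "$demo/ptmp.excl" && echo "O_EXCL-style lock taken"
acquire_excl "$demo/ptmp.excl" || echo "second O_EXCL attempt refused"
release_excl "$demo/ptmp.excl"
rm -rf "$demo"
```
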
vrh@mh_co2.mh.nl (Michael Verheij) (10/28/88)
In article <3182@tekcrl.CRL.TEK.COM> eirik@tekcrl.TEK.COM (Eirik Fuller) writes:
>I like these scripts to implement vipw, but I wonder, do systems
>without vipw know about /etc/ptmp? The point of vipw as I understand
>it is that /bin/passwd knows enough not to change a password if
>something else (vipw, for instance) is in the middle of changing
>/etc/passwd. Seems to me vipw as a script buys you something only if
>a) /bin/passwd already knows of /etc/ptmp or b) /bin/passwd is rigged
>to know of /etc/ptmp.
>

Our Multipower Series/2 (a system with National Semiconductors' GENIX V.3 OS)
has no vipw-command. But when you examine the strings found in /bin/passwd
(which you can do with the strings-command), the program definitely tests for
the existence of /etc/ptmp. If you create the file /etc/ptmp and you try to
change your password afterwards, then the passwd-program prompts you that the
password can't be changed, because a "temporary file exists".

Michael Verheij (using Netnews)

USENET: vrh@mh.nl via European backbone (mcvax).
UUCP: ..!mcvax!mhres!vrh

"Experience comes with the amount of equipment ruined."