ray3rd@ssc-vax.UUCP (Ray E Saddler III) (07/03/87)
I have been attempting to comment /etc/passwd with pound signs, like
'cap files and the like to help keep groups distinguished, and notated.
(Yes, I am aware of /etc/group, and I do use it) 8^}

Comments work fine, and don't cause a problem for login(1), but I get
strange entries around the comments after passwd(1) is run.

Example (before):

    #
    # Group 200 - Programming staff (vaporware)
    #
    bob::201:200:Bob Looper:/user/bob:
    #
    # Group 500 - Mechanical engineers (widget design)
    #
    jim::501:500:Jim Fitt:/user/jim:

Example (after):

    #::0:0:::
    # Group 200 - Programming staff (vaporware)
    #::0:0:::
    bob:VtgjIsR/wsRB.:201:200:Bob Looper:/user/bob:
    #::0:0:::
    # Group 500 - Mechanical engineers (widget design)
    #::0:0:::
    jim:MtonSfDT1zPDk:501:500:Jim Fitt:/user/jim:

This in itself causes no problems, but creates a visually ugly file
which defeats my intentions.

Please don't tell me why it's happening, I don't have the source to hack!

Please do tell me what the best way (if any) to comment /etc/passwd.

***** Thank You For Your Support *****
--
Ray E. Saddler III        CAD Support and Administration
Boeing Aerospace Company  Ballistic Systems Division
P.O. Box 3999 M.S. 3R-05  Kent Space Center East
Seattle, Wa. 98124 USA    (206)657-2824 or (206)657-3369

chris@mimsy.UUCP (Chris Torek) (07/03/87)
The passwd file is supposed to be a sequence of lines, each containing
exactly seven fields separated by colons. There is no comment mechanism,
and the routines that scan the file are rather careless. Hence:

In article <1320@ssc-vax.UUCP> ray3rd@ssc-vax.UUCP (Ray E Saddler III) writes:
>#
># Group 200 - Programming staff (vaporware)
>#
>bob::201:200:Bob Looper:/user/bob:

becomes

>#::0:0:::
># Group 200 - Programming staff (vaporware)
>#::0:0:::
>bob:VtgjIsR/wsRB.:201:200:Bob Looper:/user/bob:

I am surprised that the `# Group 200' line does not get smashed as well.

>This in itself causes no problems, but creates a visually ugly file
>which defeats my intentions.

It *does* cause problems. Log in as the user `#': no password required,
and for an account with user ID 0, i.e., super user.

Password files are becoming inadequate. Sun has something called
`yellow pages', which is a step in the right direction. Whether it
allows comments I do not know, for we do not run it here. (Yellow
pages has some problems we would prefer to avoid, and we have a
different coherence system in use now.)
--
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7690)
Domain: chris@mimsy.umd.edu Path: seismo!mimsy!chris

dce@mips.UUCP (David Elliott) (07/04/87)
In article <1320@ssc-vax.UUCP> ray3rd@ssc-vax.UUCP (Ray E Saddler III) writes:
>I have been attempting to comment /etc/passwd with pound signs, like
>'cap files and the like to help keep groups distinguished, and notated.
>(Yes, I am aware of /etc/group, and I do use it) 8^}

You can't do this. It wasn't designed this way. It would be nice, but
you can't. It's a good idea not to assume that something will work if
it isn't documented because...

> Example (after):
>
>#::0:0:::
...
>This in itself causes no problems, but creates a visually ugly file
>which defeats my intentions.

NO PROBLEMS? Would you mind if I logged in to your system for a while?

The entry above is not a comment; the username is '#', there is no
password, the userid is 0 (just like root's), the groupid is 0 (sys or
wheel), the home directory is not set, and the login shell is /bin/sh
(the default).

I placed this in my password file and used it to become root without a
password. I think that should be considered a problem.

If you really need a comment, try something (ugly) like this:

    #:COMMENT:999:999::: Comment text...
--
David Elliott {decvax,ucbvax,ihnp4}!decwrl!mips!dce

dpw@unisec.usi.com (Darryl P. Wagoner) (07/04/87)
In article <1320@ssc-vax.UUCP> ray3rd@ssc-vax.UUCP (Ray E Saddler III) writes:
> Example (after):
>#::0:0:::
># Group 500 - Mechanical engineers (widget design)
>#::0:0:::
>jim:MtonSfDT1zPDk:501:500:Jim Fitt:/user/jim:
>This in itself causes no problems, but creates a visually ugly file
>which defeats my intentions.

It is much more than an ugly file. This will let someone login as "#"
with a uid of 0 (root). Not cool. This can also happen if you have too
many or too few fields in a password entry. I think the problem is that
the getpwent(3) routines parses(sp) the password file without reading
each line into a string first.

Has anyone come out with a PD version of getpwent(3)? If not, at some
future time I will.
--
Darryl Wagoner
UniSecure Systems, Inc.; dpw@unisec.usi.com
Newport, RI; (401)-849-0857
UUCP: {gatech|mirror|cbosgd|uiucdcs|ihnp4}!rayssd!unisec!dpw

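Added example, not part of any post in this thread and not the source of any real getpwent(3): a C check that takes one whole passwd line as a string, insists on exactly seven colon-separated fields, and refuses to read a blank uid or gid as 0, which is the failure the posts above describe. The names check_passwd_line, parse_id and the PW_* flags are hypothetical, and the 1024-byte line limit and the rule that only "root" may have uid 0 are assumptions made for the example.

```c
#include <stdlib.h>
#include <string.h>

/* Flags returned by check_passwd_line(); 0 means the line passed every check. */
enum { PW_FIELDS = 1, PW_NAME = 2, PW_NUMERIC = 4, PW_NOPASS = 8, PW_UID0 = 16 };

/* Strict decimal parse: an empty or non-numeric field is an error, never 0. */
static int parse_id(const char *s, long *out)
{
    char *end;
    if (*s < '0' || *s > '9')
        return -1;
    *out = strtol(s, &end, 10);
    return *end == '\0' ? 0 : -1;
}

/* Validate one complete /etc/passwd line (trailing newline optional). */
int check_passwd_line(const char *line)
{
    char buf[1024], *f[7], *p;
    int n = 0, flags = 0;
    long uid, gid;
    if (strlen(line) >= sizeof buf)
        return PW_FIELDS;                 /* over-long line: reject outright */
    strcpy(buf, line);
    buf[strcspn(buf, "\n")] = '\0';

    /* Split on ':' keeping empty fields; strtok() would merge them. */
    for (p = buf; ; p++) {
        if (n < 7)
            f[n] = p;
        n++;
        p = strchr(p, ':');
        if (p == NULL)
            break;
        *p = '\0';
    }
    if (n != 7)
        return PW_FIELDS;                 /* not exactly seven fields */
    if (f[0][0] == '\0' || strpbrk(f[0], "# \t") != NULL)
        flags |= PW_NAME;                 /* empty or comment-like login name */
    if (parse_id(f[2], &uid) != 0 || parse_id(f[3], &gid) != 0)
        return flags | PW_NUMERIC;        /* blank uid/gid must not read as 0 */
    if (f[1][0] == '\0')
        flags |= PW_NOPASS;               /* account with no password */
    if (uid == 0 && strcmp(f[0], "root") != 0)
        flags |= PW_UID0;                 /* extra superuser account */
    return flags;
}
```

Run over every line of the file before it is installed, a nonzero return marks a line to inspect by hand; the original poster's bare "#" comment lines fail the field count, and the "#::0:0:::" entries that passwd(1) wrote are flagged on three counts.
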
gwyn@brl-smoke.ARPA (Doug Gwyn ) (07/06/87)
In article <1015@unisec.usi.com> dpw@unisec.USI.COM (Darryl P. Wagoner) writes:
>getpwent(3) routines parses(sp) the password file without reading each line
>into a string first.

getpwent(3) and kin were improved quite a while ago in UNIX System V.
I won't claim that it's perfect yet, but it makes it much harder
to accidentally turn a slightly misformatted /etc/passwd into a
gaping security hole.

henrik@blblbl.UUCP (Larry DeLuca) (07/07/87)
I like a well-organized password file myself, and prefer to avoid the
problem of inadvertently creating root accounts, so I just do:

    ::99999:99999:::
    ::99999:99999:Administrative Logins::
    ::99999:99999:::
    .
    .
    etc.

It's not the best, but at least it generates a reasonable file that
doesn't choke any utilities, and further, it keeps the people who like
to do:

    $ su ""

guessing for a little while.

larry...

nk233514@cisunx.UUCP (Deus) (07/10/87)
In article <1320@ssc-vax.UUCP> ray3rd@ssc-vax.UUCP (Ray E Saddler III) writes:
>
>
>I have been attempting to comment /etc/passwd with pound signs, like
>'cap files and the like to help keep groups distinguished, and notated.
>(Yes, I am aware of /etc/group, and I do use it) 8^}
>
[Stuff Deleted]
>
>#::0:0:::
[Stuff Deleted]
>This in itself causes no problems, but creates a visually ugly file
>which defeats my intentions.

This not only creates an ugly file, but also a corrupted password file.
Try this:

    $ su '#'

Like Magic, you become root without having to type a single password.
Why not forget about the comments, and think about security!
Use /etc/vipw, if you have it, and save some trouble.

Deus