dag@fciva.FRANKLIN.COM (Daniel A. Graifer) (09/27/88)
This is a summary of the responses I received when I asked "why shouldn't I use vi to edit /etc/passwd?"

The reason is simple: I load up the file with vi. Someone else issues a passwd command to change their passwd. I save my changes. Poor someone else loses out. I guess I should have thought of that! :-) Thanks much to all of you who mailed or posted responses.

-Dan
--
Daniel A. Graifer Franklin Capital Investments
uunet!fciva!dag 7900 Westpark Drive, Suite A130
(703)821-3244 McLean, VA 22102
meo@stiatl.UUCP (Miles O'Neal) (09/30/88)
In article <426@fciva.FRANKLIN.COM>, dag@fciva.FRANKLIN.COM (Daniel A. Graifer) writes:
> The reason is simple: I load up the file with vi. Someone else issues a
> passwd command to change their passwd. I save my changes. Poor someone
> else loses out. I guess I should have thought of that!

On the other hand, having more than 1 person with responsibility to maintain /etc/passwd simultaneously is something I avoid anyway.

Is there a vigr for /etc/group? I never saw 1...

Finally, the 2 vipw's I have seen used both messed with the file permissions, and left them different than I found them (related to other discussion here recently...)
wisner@killer.DALLAS.TX.US (Bill Wisner) (10/01/88)
>On the other hand, having more than 1 person with responsibility to
>maintain /etc/passwd simultaneously is something I avoid anyway.

This is not the point. There is a user program, passwd, that could modify the passwd file while you are editing it. This is the point.

>Is there a vigr for /etc/group? I never saw 1...

No, but one isn't needed. There is NOT a user program that could modify the group file while you are editing it.
dg@lakart.UUCP (David Goodenough) (10/04/88)
dag@fciva.FRANKLIN.COM (Daniel A. Graifer) sez:
] This is a summary of the responses I received when I asked "why shouldn't
] I use vi to edit /etc/passwd?"
]
] The reason is simple: I load up the file with vi. Someone else issues a
] passwd command to change their passwd. I save my changes. Poor someone
] else loses out. I guess I should have thought of that! :-) Thanks
] much to all of you who mailed or posted responses.
]
] -Dan
This is what vipw was invented for.
--
dg@lakart.UUCP - David Goodenough +---+
| +-+-+
....... !harvard!xait!lakart!dg +-+-+ |
+---+
jay@hqda-ai.ARPA (Jay Hiser) (10/07/88)
Not only is it a really bad idea to edit /etc/passwd without locking it (normally /etc/ptmp is the lock file), but SysV vi has an interesting bug/feature that can cause a problem.

CCI, our SysV vendor, has just posted a bulletin warning that vi has an undocumented feature. "[it was] designed to look for the occurrence of a line that starts with the string "ei:" and use the characters following the ei: as editor commands. This is NOT documented."

In other words, if someone on your system has a userid 'ei', unexpected things will happen if you use vi to edit the password file. The bulletin only warns about SysV versions of vi (specifically on tahoes and Power 5/32s). Watch out with the /etc/group & inittab files too.

ONE MORE CONCERN: if you've implemented password aging (I think it's an excellent idea, sysV does exercise some control over changed passwords, so it's fairly secure -- it's a good idea for our conditions at least), users must change their password at login once they've expired. If you're hacking around in the password file & it's locked, they won't be able to log in until you're done. Be aware.

Jay Heiser
The Phantom SysAdmin
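Added example, not part of any post in this thread and not the source of vipw or passwd: a sketch of the lock-file convention described above, where the lock file doubles as the working copy. The function name `locked_edit` and its arguments are assumptions; the caller passes the target, the lock path and the editor, so nothing here touches /etc.

```shell
#!/bin/sh
# locked_edit TARGET LOCK [EDITOR ARGS...]   (hypothetical helper)
# Status: 0 edited, 1 another writer holds LOCK, 2 copy or edit failed.
locked_edit() (
    target=$1 lock=$2
    shift 2
    [ $# -gt 0 ] || set -- "${EDITOR:-vi}"

    # noclobber (set -C) makes '>' fail if the file already exists, so
    # taking the lock is one atomic step: two writers cannot both win.
    if ! ( set -C; : > "$lock" ) 2>/dev/null; then
        echo "locked_edit: $lock exists, $target is busy" >&2
        exit 1          # do NOT remove a lock we do not own
    fi
    trap 'rm -f "$lock"; exit 3' HUP INT TERM

    # Work on a copy held in the lock file. cp -p carries over the mode
    # (and, as root, the owner) so the rename does not change permissions.
    cp -p "$target" "$lock" || { rm -f "$lock"; exit 2; }

    # Edit the copy. A failed or aborted edit leaves TARGET untouched.
    if ! "$@" "$lock"; then
        rm -f "$lock"
        exit 2
    fi

    # With LOCK on the same filesystem as TARGET this is a rename: the
    # new contents appear atomically and the lock vanishes in one step.
    mv -f "$lock" "$target"
)
```

Any other writer that follows the same convention is refused for as long as the edit is open, which is also why users forced to change an expired password are held up until the lock is released.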
amos@taux02.UUCP (Amos Shapir) (10/08/88)
In article <13215@hqda-ai.ARPA> jay@hqda-ai.ARPA (Jay Heiser) writes:
>CCI, our SysV vendor, has just posted a bulletin warning that vi has
>an undocumented feature. "[it was] designed to look for the
>occurrence of a line that starts with the string "ei:" and use the
>characters following the ei: as editor commands. This is NOT
>documented."
>
>In other words, if someone on your system has a userid 'ei',
>unexpected things will happen if you use vi to edit the password file.
>The bulletin only warns about SysV versions of vi (specifically on
>tahoes and Power 5/32s).

It's only on sysV's version because I personally changed it on the BSD4.2 version; I have found out about it exactly as you describe - by editing the passwd file! As bugs usually do, it has just crept back when the original sources from AT&T were used for the sysV port. All that's needed to trigger it is a line containing 'ex:', 'vi:', 'ei:' or 'vx:' in the first or last 4 lines.
--
Amos Shapir amos@nsc.com
National Semiconductor (Israel) P.O.B. 3007, Herzlia 46104, Israel
Tel. +972 52 522261 TWX: 33691, fax: +972-52-558322
34 48 E / 32 10 N (My other cpu is a NS32532)
jc@minya.UUCP (John Chambers) (10/11/88)
In article <195@taux02.UUCP>, amos@taux02.UUCP (Amos Shapir) writes:
> In article <13215@hqda-ai.ARPA> jay@hqda-ai.ARPA (Jay Heiser) writes:
> >CCI, our SysV vendor, has just posted a bulletin warning that vi has
> >an undocumented feature. "[it was] designed to look for the
> >occurrence of a line that starts with the string "ei:" and use the
> >characters following the ei: as editor commands. This is NOT
> >documented."
> >
> >In other words, if someone on your system has a userid 'ei',
> >unexpected things will happen if you use vi to edit the password file.
> >The bulletin only warns about SysV versions of vi (specifically on
> >tahoes and Power 5/32s).

A couple years back, a general bulletin was broadcast warning people to eradicate all versions of vi with this feature. The above problem is a minor problem compared to what could be done with it. Consider the effect of persuading a super-user to use vi to read a file that ended with lines like:

	vi:!rm -rf /*unix*
	vi:q!

There were several other amusing examples, such as invoking mail, changing ownership of files in /etc, and so on, often ending with a command to delete the vi: lines so the victim wouldn't see them.
--
John Chambers <{adelie,ima,maynard,mit-eddie}!minya!{jc,root}> (617/484-6393)
[Any errors in the above are due to failures in the logic of the keyboard, not in the fingers that did the typing.]
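Added example, not part of any post in this thread: a pre-open check built on the trigger condition Amos Shapir gives above (a line containing 'ex:', 'vi:', 'ei:' or 'vx:' in the first or last 4 lines), which also covers the files John Chambers warns about. The function names and the sample passwd entries are constructed for illustration.

```shell
#!/bin/sh
# modeline_hits FILE -> prints "LINENO:TEXT" for every line in the first
# or last 4 lines that contains ex:, vi:, ei: or vx: anywhere in it.
# It follows the broader "containing" description, not "starts with".
modeline_hits() {
    awk -v n=4 '
        { line[NR] = $0 }
        END {
            for (i = 1; i <= NR; i++)
                if ((i <= n || i > NR - n) && line[i] ~ /(ex|vi|ei|vx):/)
                    printf "%d:%s\n", i, line[i]
        }' "$1"
}

# check_before_edit FILE -> status 0 if clean, 1 if a trigger line exists.
check_before_edit() {
    hits=$(modeline_hits "$1")
    if [ -z "$hits" ]; then
        return 0
    fi
    echo "$1: lines an affected vi would run as editor commands:" >&2
    echo "$hits" >&2
    return 1
}

# Constructed sample: userid "ei" starts line 2, and "levi" on line 3
# matches as well because "vi:" appears inside the name.
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:x:0:0:root:/:/bin/sh
ei:x:102:100:constructed user:/home/ei:/bin/sh
levi:x:105:100:constructed user:/home/levi:/bin/sh
EOF
check_before_edit "$sample" || echo "inspect with cat or more first" >&2
rm -f "$sample"
```

Because only the first and last 4 lines count, the same entry can be harmless in the middle of a long file and become a trigger once accounts are added or removed around it.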