ray3rd@ssc-vax.UUCP (Ray E Saddler III) (06/30/87)
I have been attempting to comment /etc/passwd with pound signs, like 'cap files and the like to help keep groups distinguished, and notated. (Yes, I am aware of /etc/group, and I do use it) 8^} Comments work fine, and don't cause a problem for login(1), but I get strange entries around the comments after passwd(1) is run. [Ray includes here an example of how using "#" comments in /etc/passwd get munged up after /bin/passwd is used to change a password. As comments per se aren't defined for /etc/passwd, except for the contents of the GCOS field, the question becomes one of administrative procedure. What have other sites done to help their administrator(s) keep track of what "kinds" of users are authorized on the system? -mod] -- Ray E. Saddler III CAD Support and Administration | __ __ __ __ Boeing Aerospace Company Ballistic Systems Division | / / / // //| // P.O. Box 3999 M.S. 3R-05 Kent Space Center East | /-< / //- // |// _ Seattle, Wa. 98124 USA (206)657-2824 or (206)657-3369 | /__//_//__ // //__/
john@xanth.cs.odu.edu (John Owens) (07/16/87)
> What have other sites done to help their administrator(s) keep track of > what "kinds" of users are authorized on the system? -mod] Well, Kyle Jones <kyle@odu.edu> wrote a wonderful program called "mcp", which has been posted in comp.sources.unix. For keeping track of "kinds" of users, it uses groups in conjunction with "vigs", "sigs", and "classes". A "vig", a Very Important Group, is one where membership in the group suffices to account for the user. Examples here are "staff" and "faculty". Special Interest Groups and Classes are, essentially, identical: sig - an mcp abstraction with the following attributes: o Name o Expiration date (optional) o Description Sigs are created using add-sig and users may be subsequently added to them via add-to-sig. Sigs are not automatically deleted when they expire. However the system administrator can use mcp -c to report any expired sigs. Users who are not in a vig, a sig, or a class are considered "deadbeats". There's lots more to it - take a look at the program. We hardly even look at the passwd, group, and aliases files any more.... -- John Owens Old Dominion University - Norfolk, Virginia, USA john@ODU.EDU old arpa: john%odu.edu@RELAY.CS.NET +1 804 440 4529 old uucp: {seismo,harvard,sun,hoptoad}!xanth!john
strick@gt-stratus.UUCP (henry strickland) (07/16/87)
In article <981@mcdchg.UUCP> ray3rd@ssc-vax.UUCP (Ray E Saddler III) writes: >I have been attempting to comment /etc/passwd with pound signs, like >'cap files and the like to help keep groups distinguished, and notated. >(Yes, I am aware of /etc/group, and I do use it) 8^} On my masscomps I use a passwd-entry-like format for comments in my passwd files, like this: ______:______:8:8: SUPERUSERS :/:/______________ root:IaFZenWhNkyyl:0:0:Superuser:/: croot:IaFZenWhNkyyl:0:0:Superuser:/:/bin/csh kroot:IaFZenWhNkyyl:0:0:Superuser:/:/bin/ksh daemon:xx:1:1:Daemons:/: bin:xx:2:1:Commands:/bin: ______:______:8:8: FREEBIES :/:/______________ sync::3:3:Sync disks command:/etc:/bin/sync who::3:3:Who command:/etc:/bin/who ______:______:8:8: REAL USERS :/:/______________ strick:8yfSuix/wijos:103:50:henry strickland:/u/strick:/bin/csh The underscores seem to be good visual delimiters, and placed in the right places, make sure no program can sucessfully log in a bogus "______" user. Be *SURE* and put a nonzero NUMBER and not bogosity for the uid field, because if someone does find a way to make the line work, you'd rather them be uid 8 rather than uid 0 (which is what atoi() will interpret a nonnumber to be). "passwd" has no problem with these on my masscomps.