phil@sequel.UUCP (06/20/83)
Be very careful with the shell script "vipw" under 4.1c. It can and will wipe out your passwd file. A problem occurs if someone runs the passwd command while you are running vipw. The next time you run vipw, you zero out the passwd file. Yes, you hear me right. The problem is in how vipw and passwd(1) lock the passwd file. If you glance at vipw, you will notice it creates /etc/vipw.lock by copying /dev/null to it. It trys to link to this file and create /etc/ptmp since this is the file used to lock the passwd file. If this link fails then someone is changing their passwd and the passwd file is busy. This is cool. The problem is when this succeeds and you are busy editing the passwd file and someone decides to change their passwd. The passwd command in 4.1c just does a fancy open with the options to set an advisary lock. This does not take into account the file may already exist! It then copys the passwd file into this supposed safe tmp file and renames this file as /etc/passwd (remember you still have a link to it called vipw.lock). You probably smell a rat by now. Your only indication that something is amiss is that vipw complains about not being able to remove /etc/ptmp. Humm. The next time you run vipw it promptly copys /dev/null to vipw.lock which just happens to be linked to /etc/passwd. Goodbye passwd file. This happend to us. Really nasty problem. As a side issue, we crashed 10 seconds later. The 4.1 passwd command uses the access() call to determine the passwd file is busy (/etc/ptmp exists) and exits printing a message about the passwd file being busy. I am not sure why the locking stuff was changed since access() still exists. I think we are going to change vipw to a C program that obeys the convention of advisary locks (the other fix is to use the old passwd command or use the access() call). Phil Hochstetler (503) 626-5700 Sequel Computer Systems, Inc. Portland, Oregon uucp: ogcvax!sequel!phil pur-ee!sequel!phil