mju@mudos.ann-arbor.mi.us (Marc Unangst) (11/20/90)
A week or so ago, some of you may remember me posting a tale of woe describing my problems with SCO's SecureWare add-on security product. The problem was that /etc/auth/system/gr_id_map wasn't being recreated by the system, causing programs like cron(8) to be unable to find their group, and making all logins other than root on the OVERRIDE tty impossible. Well, it's fixed. The problem stemmed from a time I manually edited the /etc/group file to add a new group, instead of doing it through sysadmsh. I accidentally left a blank line at the end of the file, which caused the SecureWare code that creates /etc/auth/system/gr_id_map from /etc/group to silently barf. Apparently, since SCO tells you numerous times not to edit /etc/passwd or /etc/group manually, they feel justified in making their file parsers much pickier and less robust than they would have to be if real live humans were editing the files. IMHO, a poorly-placed blank line, especially at the END of a file, should not cause a system to crash in such a severe way -- even if there's "no possible way" that such a blank line could appear. The workaround, obviously, seems to be that you just have to be more careful when you do things Mother SCO doesn't approve of. I'm going to keep editing /etc/passwd and /etc/group and related files under /tcb by hand, simply because there's so much you *have* to do that way. For example, try to completely remove all traces of a user with sysadmsh. -- Marc Unangst | mju@mudos.ann-arbor.mi.us | "Bus error: passengers dumped" ...!umich!leebai!mudos!mju |