From owner-freebsd-current Mon Nov 12 8: 9: 0 2001 Delivered-To: freebsd-current@freebsd.org Received: from mail5.speakeasy.net (mail5.speakeasy.net [216.254.0.205]) by hub.freebsd.org (Postfix) with ESMTP id AC86337B430 for ; Mon, 12 Nov 2001 08:08:41 -0800 (PST) Received: (qmail 22329 invoked from network); 12 Nov 2001 16:08:40 -0000 Received: from unknown (HELO laptop.baldwin.cx) ([64.81.54.73]) (envelope-sender ) by mail5.speakeasy.net (qmail-ldap-1.03) with SMTP for ; 12 Nov 2001 16:08:40 -0000 Message-ID: X-Mailer: XFMail 1.4.0 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <20011110231511.G69195@blossom.cjclark.org> Date: Mon, 12 Nov 2001 08:08:37 -0800 (PST) From: John Baldwin To: "Crist J. Clark" Subject: Re: daily run output & passwd diff Cc: current@FreeBSD.ORG, Alexander Leidinger Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On 11-Nov-01 Crist J. Clark wrote: > On Fri, Nov 09, 2001 at 02:55:55PM +0100, Alexander Leidinger wrote: >> Hi, >> >> I think the CVS tag shouldn't be interpreted as an entry which contains >> a password. >> >> ---snip--- >> Backup passwd and group files: >> >> 1c1 >> < # $FreeBSD:(password):09:07 peter Exp $ >> --- >> > # $FreeBSD:(password):27:16 ache Exp $ >> 16a17 >> > www:(password):80:80::0:0:World Wide Web Owner:/nonexistent:/sbin/nologin >> Magelan.Leidinger.net group diffs: >> 1c1 >> < # $FreeBSD: src/etc/group,v 1.21 2001/10/18 16:53:20 sheldonh Exp $ >> --- >> > # $FreeBSD: src/etc/group,v 1.22 2001/10/25 03:27:16 ache Exp $ >> 20a21 >> > www:*:80: >> ---snip--- > > Makes sense. No need to hide the revision number. > > Committed to -CURRENT. MFC 1 week. > > Index: 200.backup-passwd > =================================================================== > RCS file: /home/ncvs/src/etc/periodic/daily/200.backup-passwd,v > retrieving revision 1.8 > diff -u -r1.8 200.backup-passwd > --- 200.backup-passwd 2000/09/14 17:19:10 1.8 > +++ 200.backup-passwd 2001/11/11 07:09:49 > @@ -42,7 +42,7 @@ > [ $rc -lt 1 ] && rc=1 > echo "$host passwd diffs:" > diff $bak/master.passwd.bak /etc/master.passwd |\ > - sed 's/^\([<>] [^:]*\):[^:]*:/\1:(password):/' > + sed 's/^\([<>] [^#][^:]*\):[^:]*:/\1:(password):/' > mv $bak/master.passwd.bak $bak/master.passwd.bak2 > cp -p /etc/master.passwd $bak/master.passwd.bak || rc=3 > fi What if someone comments out a line in the password file of a user? Then this won't hide that password. When this originally went in, it took a long while to get a sed line people were happy with. Replacing the version number is a minor thing, but getting it to work perfectly may be a bit difficult. If you do this, I'd rather you make sed handle the $FreeBSD$ case as a completely separate case, so something like: sed -e '/\$FreeBSD\$/; //s/blah blah/blah/' or some such (I forget how sed does multiple expressions). -- John Baldwin -- http://www.FreeBSD.org/~jhb/ PGP Key: http://www.baldwin.cx/~john/pgpkey.asc "Power Users Use the Power to Serve!" - http://www.FreeBSD.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message