Date: Mon, 12 Nov 2001 19:02:15 -0800
From: "Crist J. Clark"
To: John Baldwin
Cc: current@FreeBSD.org, Alexander Leidinger
Subject: Re: daily run output & passwd diff
Message-ID: <20011112190215.C45158@blossom.cjclark.org>
Reply-To: cjclark@alum.mit.edu
References: <20011110231511.G69195@blossom.cjclark.org>

On Mon, Nov 12, 2001 at 08:08:37AM -0800, John Baldwin wrote:
>
> On 11-Nov-01 Crist J. Clark wrote:
> > On Fri, Nov 09, 2001 at 02:55:55PM +0100, Alexander Leidinger wrote:
> >> Hi,
> >>
> >> I think the CVS tag shouldn't be interpreted as an entry which contains
> >> a password.
> >>
> >> ---snip---
> >> Backup passwd and group files:
> >>
> >> 1c1
> >> < # $FreeBSD:(password):09:07 peter Exp $
> >> ---
> >> > # $FreeBSD:(password):27:16 ache Exp $
> >> 16a17
> >> > www:(password):80:80::0:0:World Wide Web Owner:/nonexistent:/sbin/nologin
> >> Magelan.Leidinger.net group diffs:
> >> 1c1
> >> < # $FreeBSD: src/etc/group,v 1.21 2001/10/18 16:53:20 sheldonh Exp $
> >> ---
> >> > # $FreeBSD: src/etc/group,v 1.22 2001/10/25 03:27:16 ache Exp $
> >> 20a21
> >> > www:*:80:
> >> ---snip---
> >
> > Makes sense. No need to hide the revision number.
> >
> > Committed to -CURRENT. MFC 1 week.
> >
> > Index: 200.backup-passwd > > =================================================================== > > RCS file: /home/ncvs/src/etc/periodic/daily/200.backup-passwd,v > > retrieving revision 1.8 > > diff -u -r1.8 200.backup-passwd > > --- 200.backup-passwd 2000/09/14 17:19:10 1.8 > > +++ 200.backup-passwd 2001/11/11 07:09:49
> > @@ -42,7 +42,7 @@ > > [ $rc -lt 1 ] && rc=1 > > echo "$host passwd diffs:" > > diff $bak/master.passwd.bak /etc/master.passwd |\ > > - sed 's/^\([<>] [^:]*\):[^:]*:/\1:(password):/' > > + sed 's/^\([<>] [^#][^:]*\):[^:]*:/\1:(password):/' > > mv $bak/master.passwd.bak $bak/master.passwd.bak2 > > cp -p /etc/master.passwd $bak/master.passwd.bak || rc=3 > > fi
>
> What if someone comments out a line in the password file of a user? Then this
> won't hide that password. When this originally went in, it took a long while
> to get a sed line people were happy with. Replacing the version number is a
> minor thing, but getting it to work perfectly may be a bit difficult. If you
> do this, I'd rather you make sed handle the $FreeBSD$ case as a completely
> separate case, so something like:
>
> sed -e '/\$FreeBSD\$/; //s/blah blah/blah/' or some such (I forget how sed does
> multiple expressions).

I thought about this, but then thought, "Who ever just comments out
password entries without clearing the password too?" I guess the
answer is, some people do. How about,

  sed -E 's/^([<>] [^:]*):[^:]*:(([0-9]+:){2}[^:]*(:[0-9]+){2}(:[^:]*){3}$)/\1:(password):\2/'

Which only touches entries that match the password format exactly, but
includes commented out ones?
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
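
Review bot: on the `+` line, the `[^#]` at the start of the name field makes the substitution skip every diff line whose entry begins with `#`, not only the `$FreeBSD$` tag line, so a commented-out master.passwd entry would reach the daily output with its password field unmasked. Consider keeping the original expression for entries and excluding only the tag line (for example by matching `$FreeBSD` explicitly), or matching on the full field layout of an entry, so that a line of the form `#name:hash:uid:gid:...` is still rewritten to `(password)`.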
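
Added example (not part of the original message or of the FreeBSD periodic script): the three sed expressions discussed in this thread, run over constructed diff lines to show which ones leave a commented-out entry's hash visible and which ones rewrite the $FreeBSD$ tag line. The sample lines, the CONSTRUCTED-HASH value and the helper names are assumptions; the strict expression writes `\1:(password):\2` so the colon after the masked field is kept.

```shell
#!/bin/sh
# Added example: compare the password-masking sed expressions from the thread.

# Expression on the '-' line of the patch: masks field 2 of every diff line.
mask_original() { sed 's/^\([<>] [^:]*\):[^:]*:/\1:(password):/'; }

# Expression on the '+' line: skips any line whose first field starts with '#'.
mask_patched() { sed 's/^\([<>] [^#][^:]*\):[^:]*:/\1:(password):/'; }

# Strict expression from the reply: only lines with the full 10-field
# master.passwd layout (numeric uid, gid, change, expire) are rewritten.
mask_strict() {
  sed -E 's/^([<>] [^:]*):[^:]*:(([0-9]+:){2}[^:]*(:[0-9]+){2}(:[^:]*){3}$)/\1:(password):\2/'
}

# Constructed diff output: an RCS tag line, a normal entry and a
# commented-out entry that still carries a (fake) password hash.
sample() {
cat <<'EOF'
< # $FreeBSD: src/etc/master.passwd,v 1.0 2001/01/01 00:00:00 example Exp $
> www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/sbin/nologin
> #alice:CONSTRUCTED-HASH:1001:1001::0:0:Alice Example:/home/alice:/bin/sh
EOF
}

# leaks FILTER: number of output lines that still show the fake hash.
leaks() { sample | "$1" | grep -c 'CONSTRUCTED-HASH' || true; }

# tag_intact FILTER: 1 if the revision in the tag line survived, else 0.
tag_intact() { sample | "$1" | grep -c 'v 1\.0 2001/01/01' || true; }

for m in mask_original mask_patched mask_strict; do
  echo "$m: unmasked_hashes=$(leaks "$m") tag_intact=$(tag_intact "$m")"
done
```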