Site Navigation

Date:      Mon, 12 Nov 2001 08:08:37 -0800 (PST)
From:      John Baldwin <jhb@FreeBSD.org>
To:        "Crist J. Clark" <cristjc@earthlink.net>
Cc:        current@FreeBSD.ORG, Alexander Leidinger <Alexander@Leidinger.net>
Subject:   Re: daily run output & passwd diff
Message-ID:  <XFMail.011112080837.jhb@FreeBSD.org>
In-Reply-To: <20011110231511.G69195@blossom.cjclark.org>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

On 11-Nov-01 Crist J. Clark wrote:
> On Fri, Nov 09, 2001 at 02:55:55PM +0100, Alexander Leidinger wrote:
>> Hi,
>> 
>> I think the CVS tag shouldn't be interpreted as an entry which contains
>> a password.
>> 
>> ---snip---
>> Backup passwd and group files:
>> 
>> 1c1
>> < # $FreeBSD:(password):09:07 peter Exp $
>> ---
>> > # $FreeBSD:(password):27:16 ache Exp $
>> 16a17
>> > www:(password):80:80::0:0:World Wide Web Owner:/nonexistent:/sbin/nologin
>> Magelan.Leidinger.net group diffs:
>> 1c1
>> < # $FreeBSD: src/etc/group,v 1.21 2001/10/18 16:53:20 sheldonh Exp $
>> ---
>> > # $FreeBSD: src/etc/group,v 1.22 2001/10/25 03:27:16 ache Exp $
>> 20a21
>> > www:*:80:
>> ---snip---
> 
> Makes sense. No need to hide the revision number.
> 
> Committed to -CURRENT. MFC 1 week.
> 
> Index: 200.backup-passwd
> ===================================================================
> RCS file: /home/ncvs/src/etc/periodic/daily/200.backup-passwd,v
> retrieving revision 1.8
> diff -u -r1.8 200.backup-passwd
> --- 200.backup-passwd   2000/09/14 17:19:10     1.8
> +++ 200.backup-passwd   2001/11/11 07:09:49
> @@ -42,7 +42,7 @@
>                 [ $rc -lt 1 ] && rc=1
>                 echo "$host passwd diffs:"
>                 diff $bak/master.passwd.bak /etc/master.passwd |\
> -                       sed 's/^\([<>] [^:]*\):[^:]*:/\1:(password):/'
> +                       sed 's/^\([<>] [^#][^:]*\):[^:]*:/\1:(password):/'
>                 mv $bak/master.passwd.bak $bak/master.passwd.bak2
>                 cp -p /etc/master.passwd $bak/master.passwd.bak || rc=3
>             fi

What if someone comments out a line in the password file of a user?  Then this
won't hide that password.  When this originally went in, it took a long while
to get a sed line people were happy with.  Replacing the version number is a
minor thing, but getting it to work perfectly may be a bit difficult.  If you
do this, I'd rather you make sed handle the $FreeBSD$ case as a completely
separate case, so something like:

sed -e '/\$FreeBSD\$/; //s/blah blah/blah/' or some such (I forget how sed does
multiple expressions).

-- 

John Baldwin <jhb@FreeBSD.org> -- http://www.FreeBSD.org/~jhb/
PGP Key: http://www.baldwin.cx/~john/pgpkey.asc
"Power Users Use the Power to Serve!"  -  http://www.FreeBSD.org/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.011112080837.jhb>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact