Path: utzoo!utgpu!attcan!uunet!lll-winken!ames!mailrus!cornell!uw-beaver!blake!ogccse!littlei!omepd!merlyn From: merlyn@intelob.biin.com (Randal L. Schwartz @ Stonehenge) Newsgroups: comp.unix.questions Subject: Re: Comments in /etc/passwd Keywords: passwd comments Message-ID: <4034@omepd.UUCP> Date: 6 Jan 89 21:48:22 GMT References: <18759@agate.BERKELEY.EDU> <934@ccncsu.ColoState.EDU> Sender: news@omepd.UUCP Reply-To: merlyn@intelob.biin.com (Randal L. Schwartz @ Stonehenge) Organization: Stonehenge; netaccess via BiiN, Hillsboro, Oregon, USA Lines: 47 In-reply-to: steved@longs.LANCE.ColoState.Edu (Steve Dempsey) In article <934@ccncsu.ColoState.EDU>, steved@longs (Steve Dempsey) writes: | In article <18759@agate.BERKELEY.EDU> barn@paxton.ced.berkeley.edu (Gary Barnette) writes: | > | > Can somone tell me if it is OK to have comments ( #... ) | > in /etc/passwd. Passwd(5) doesn't tell me. Running | > BSD 4.2 version 3.2 on Suns. | | I can't think of any stock 4.[23]/SunOS code that is likely to break. I can think of one: passwd(1). I don't have access to the source (it's funny when vendors think that they have to lock up the source from a contractor when I've been staring at the source since V6, but that's another story), but I'm pretty sure that passwd(1) copies the /etc/passwd file through a loop of: while (getpwent(&foo)) { if foo.pw_name = "the thing getting changed" muck with foo struct fprintf(newpwdfile, "%s:%s:%s...", foo.pw_name, foo.pw_passwd, ...); } and if getpwent gets an error record, you get back a zeroed-out structure. Yuck. That's what makes the famous: ::0:0::: record that allows BSD's /bin/rsh to login as root with no password! I think this has been fixed in the latest passwd(1)'s but I bet your non-conforming entries will still get tossed the next time someone changes their password. | For my own utilities that might not be robust enough (:-) and anything else | that may be lurking, I'd make the comment in the form of a legitimate passwd | entry - something like this: | | #:*:-99:-99:*** comments go here ***:/:/nologinshell I like this better. Just make sure that the password is really bad, and not null. I don't think this would break anything. (Of course, if it does, y'all will be quick to tell me, eh?) -- Randal L. Schwartz, Stonehenge Consulting Services (503)777-0095 on contract to BiiN Technical Information Services (for now :-), in a former Intel building in Hillsboro, Oregon, USA. or ...!tektronix!inteloa[!intelob]!merlyn SOME MAILERS REQUIRE GRRRRR! Standard disclaimer: I *am* my employer!