Path: utzoo!attcan!uunet!lll-winken!ames!mailrus!cornell!uw-beaver!fluke!ssc-vax!ray3rd
From: ray3rd@ssc-vax.UUCP (Ray E Saddler III)
Newsgroups: comp.unix.questions
Subject: Re: Comments in /etc/passwd
Summary: # # making comments in /etc/passwd, a suggested method #
Keywords: passwd
Message-ID: <2465@ssc-vax.UUCP>
Date: 9 Jan 89 18:46:34 GMT
References: <18759@agate.BERKELEY.EDU>
Organization: Boeing Aerospace Corp., Seattle WA
Lines: 51

In article <18759@agate.BERKELEY.EDU>, barn@paxton.ced.berkeley.edu (Gary Barnette) asks:
>
> Can someone tell me if it is OK to have comments ( #... )
> in /etc/passwd.  Passwd(5) doesn't tell me.  Running
> BSD 4.2 version 3.2 on Suns.
>

First of all, the answer to your question is Yes, but you must be
extremely careful to avoid security holes (which can be created by
the /bin/passwd tool).

Potential holes that I know of allow a regular user to become root
with a simple su "" command, due to blank lines.

Example:

    joe:pH1mdTEucLHNU:109:100:Joe User:/user/joe:

    mary:4WvYhG2tLc72:201:200:Mary Hacker:/user/mary:

When passwd is run, this will end up looking like:

    joe:pH1mdTEucLHNU:109:100:Joe User:/user/joe:
    ::0:0:::
    mary:4WvYhG2tLc72:201:200:Mary Hacker:/user/mary:

Rule #1.....Don't have blank lines in /etc/passwd
Rule #2.....Pay attention to the structure required by passwd
Rule #3.....Comply with the rules.

What I recommend is reserving a uid for comments, I use 99999, and
writing your comment lines something like this:

    joe:pH1mdTEucLHNU:109:100:Joe User:/user/joe:
    -:-:99999:200:-:-:
    -:-:99999:200:-:-: Programming staff
    -:-:99999:200:-:-:
    mary:4WvYhG2tLc72:201:200:Mary Hacker:/user/mary:

I like to have my comments a bit visible, which is why there is a
'blank line' effect. This seems a bit crude, but it works for me.

--
| Ray E. Saddler III | __ __ __ __ | Path: ..!ssc-vax!ray3rd |
| Boeing Aerospace | / / / // //| // | From: ray3rd@ssc-vax.UUCP |
| P.O. Box 3999 m.s. 3R-05 | /-< / //- // |// _ |---------------------------|
| Seattle, Wa. 98124 USA | /__//_//__ // //__/ | VoiceNet: (206) 657-2824 |
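
An added example, not part of the original post: a shell function that audits a passwd(5)-format file for the blank lines and the empty-login, passwordless uid 0 entry shown in the post above. The name `audit_passwd`, its message wording, and the sample input (built from the post's own example lines) are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit a passwd(5)-format file for the hazards in the post.
# audit_passwd [FILE]   reads FILE, or standard input when no FILE is given.
# Prints one finding per line as "LINE: message"; returns 1 if any were found.
# The function name and message wording are assumptions of this example.
audit_passwd() {
    awk -F: '
        # Blank or whitespace-only line (Rule #1 in the post).
        /^[ \t]*$/ { printf "%d: blank line\n", NR; bad = 1; next }
        # passwd(5) entries carry exactly seven colon-separated fields.
        NF != 7    { printf "%d: expected 7 fields, found %d\n", NR, NF
                     bad = 1; next }
        # An empty login name is what the "::0:0:::" entry has.
        $1 == ""   { printf "%d: empty login name\n", NR; bad = 1 }
        # Empty password field; uid 0 (any run of zeros) is the worst case.
        $2 == ""   { if ($3 ~ /^0+$/)
                         printf "%d: passwordless uid 0 entry\n", NR
                     else
                         printf "%d: empty password field\n", NR
                     bad = 1 }
        END { exit bad + 0 }
    ' "$@"
}

# Constructed sample: the entry the post says passwd leaves behind, one of the
# post's uid 99999 comment lines (seven fields, so it passes), and a blank line.
audit_passwd <<'EOF' || echo "passwd file needs attention"
joe:pH1mdTEucLHNU:109:100:Joe User:/user/joe:
::0:0:::
-:-:99999:200:-:-: Programming staff

mary:4WvYhG2tLc72:201:200:Mary Hacker:/user/mary:
EOF
```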