Dangers of vi & passwd (Was Re: SVR3 passwd changes mode of passwd file)
Jay Hiser
jay at hqda-ai.ARPA
Fri Oct 7 04:47:43 AEST 1988
Not only is it a really bad idea to edit /etc/passwd without locking
it (normally /etc/ptmp is the lock file), but SysV vi has an interesting
bug/feature that can cause a problem.
CCI, our SysV vender, has just posted a bulletin warning that vi has
an undocumented feature. "[it was] designed to look for the
occurrence of a line that starts with the string "ei:" and use the
characters following the ei: as editor commands. This is NOT
documented."
In other words, if someone on your system has a userid 'ei',
unexpected things will happen if you use vi to edit the password file.
The bulletin only warns about SysV versions of vi (specifically on
tahoes and Power 5/32s).
Watch out with the /etc/group & inittab files too.
ONE MORE CONCERN: if you've implemented password aging (I think its
an excellent idea, sysV does exercise some control over changed
passwords, so its fairly secure -- its a good idea for our conditions
at least), users must change their password at login once they've
expired. If you're hacking around in the password file & its locked,
they won't be able to login until you're done. Be aware.
Jay Heiser
The Phantom SysAdmin
More information about the Comp.unix.questions
mailing list