Comments in /etc/passwd
Ray E Saddler III
ray3rd at ssc-vax.UUCP
Tue Jan 10 04:46:34 AEST 1989
In article <18759 at agate.BERKELEY.EDU>, barn at paxton.ced.berkeley.edu (Gary Barnette) asks:
>
> Can someone tell me if it is OK to have comments ( #... )
> in /etc/passwd. Passwd(5) doesn't tell me. Running
> BSD 4.2 version 3.2 on Suns.
>
First of all, the answer to your question is Yes, but you must be
extremely careful to avoid security holes which can be created by
the /bin/passwd tool.
Potential holes that I know of allow a regular user to become root
with a simple su "" command, due to blank lines. Example:

    joe:pH1mdTEucLHNU:109:100:Joe User:/user/joe:

    mary:4WvYhG2tLc72:201:200:Mary Hacker:/user/mary:

When passwd is run, this will end up looking like:

    joe:pH1mdTEucLHNU:109:100:Joe User:/user/joe:
    ::0:0:::
    mary:4WvYhG2tLc72:201:200:Mary Hacker:/user/mary:

Rule #1.....Don't have blank lines in /etc/passwd
Rule #2.....Pay attention to the structure required by passwd
Rule #3.....Comply with the rules.
What I recommend is reserving a uid for comments, I use 99999, and
writing your comment lines something like this:

    joe:pH1mdTEucLHNU:109:100:Joe User:/user/joe:
    -:-:99999:200:-:-:
    -:-:99999:200:-:-: Programming staff
    -:-:99999:200:-:-:
    mary:4WvYhG2tLc72:201:200:Mary Hacker:/user/mary:

I like to have my comments a bit visible, which is why there is a
'blank line' effect. This seems a bit crude, but it works for me.
--
| Ray E. Saddler III | __ __ __ __ | Path: ..!ssc-vax!ray3rd |
| Boeing Aerospace | / / / // //| // | From: ray3rd at ssc-vax.UUCP |
| P.O. Box 3999 m.s. 3R-05 | /-< / //- // |// _ |---------------------------|
| Seattle, Wa. 98124 USA | /__//_//__ // //__/ | VoiceNet: (206) 657-2824 |
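
An added example, not part of the original post: a small Python linter that checks passwd-format text for blank lines, wrong field counts, empty login or password fields, and uid 0 on a non-root entry. The function names and test strings are constructed for illustration and reuse the sample entries from the post; the comment entries in the post's style pass because they are structurally valid seven-field records.

```python
# Added example: lint passwd(5)-format text against the post's rules.
# audit_passwd and the sample strings are constructed for illustration.

def _is_number(s):
    return s != "" and all(c in "0123456789" for c in s)

def audit_passwd(text):
    """Return a list of (line_number, problem) for passwd-format text."""
    findings = []
    lines = text.split("\n")
    if lines and lines[-1] == "":        # trailing newline, not a blank line
        lines.pop()
    for n, line in enumerate(lines, start=1):
        if line.strip() == "":           # Rule #1: no blank lines
            findings.append((n, "blank line"))
            continue
        fields = line.split(":")         # Rule #2: seven colon-separated fields
        if len(fields) != 7:
            findings.append((n, "expected 7 fields, found %d" % len(fields)))
            continue
        name, passwd, uid, gid = fields[:4]
        if name == "":
            findings.append((n, "empty login name"))
        if passwd == "":
            findings.append((n, "empty password field"))
        if not (_is_number(uid) and _is_number(gid)):
            findings.append((n, "non-numeric uid or gid"))
        elif int(uid) == 0 and name != "root":
            findings.append((n, "uid 0 on non-root entry"))
    return findings

JOE = "joe:pH1mdTEucLHNU:109:100:Joe User:/user/joe:\n"
MARY = "mary:4WvYhG2tLc72:201:200:Mary Hacker:/user/mary:\n"
BLANK_LINE = JOE + "\n" + MARY                   # file with a blank line
REWRITTEN = JOE + "::0:0:::\n" + MARY            # the result the post shows
COMMENTED = (JOE + "-:-:99999:200:-:-:\n"
             "-:-:99999:200:-:-: Programming staff\n"
             "-:-:99999:200:-:-:\n" + MARY)      # the post's comment entries

if __name__ == "__main__":
    for label, text in (("blank line", BLANK_LINE), ("rewritten", REWRITTEN),
                        ("commented", COMMENTED)):
        print(label, audit_passwd(text))
```
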