On Friday May 18 2007 11:13, Jan Dvořák wrote:
> Well, I always thought shadow is bloated, but rewriting the whole thing?
> If we stick to GNU/Linux and forget about everything else, just
> concentrate on what HLFS/BLFS needs... yes, sounds doable.
>
> And as I look on the installed executables of shadow; what are those
> like newgrp and others having letter 'g' in them for? I've never even
> heard of them being used...

gpasswd is "group password". Anything in shadow/src/ that starts with a 'g' is a group utility.

Some of the utilities are silly, like 'pwck/grpck'. They're 24kb each, and check if the /etc/shadow file is formatted correctly. This could be moved to libshadow so the checking is done whenever /etc/shadow is opened. It's useful as a separate program only if you build an /etc/passwd file by hand, but if 'adduser' and 'passwd' can use a '--directory=' option then it's not needed.

The 'newusers' program, 28kb, adds new users and groups from a list in a text file. Passwords are cleartext. A shell script could do this, and with hashed passwords. 'chpasswd' is almost the same.

'mkpasswd' functionality could be moved to 'passwd', with a --stdout option. 'mkpasswd' creates random passwords... what is this good for??? I can see uses for --stdout, for sending someone your hashed password. 'openssl passwd' does the same thing btw.

'vipw' could refuse to use an editor not owned by root, like if root has EDITOR=/home/user/bin/vim. Just an idea. 'vipw' does the same checks as 'pwck', which is another reason the check routine should be in libshadow.

The 'groups' program does what 'id' already does.

'chage', 'chsh', 'chfn', and 'expiry', all do what 'usermod' does. They're redundant. For compatibility these programs, and manual pages, could be symlinked to 'usermod', to emulate those commands based on program-name (like busybox does).

'groupadd' and 'groupdel' share duplicate code (grp_update). 'useradd' and 'userdel' probably do too. These could be merged into a single program 1/3rd the size.

These changes, plus the removal of PAM and SELinux, would reduce the source code by more than half. Making these utilities small isn't my goal, but the way they are now is ridiculous... half of the code is duplicate functions.

In BSD most of these programs share a pwdb library function (which includes the file format checking routines) to make changes to the password/user/group databases. NIS/YP could be handled in there too, instead of by each program.

It might be tricky to keep compatibility with other packages, like kerberos. I haven't looked at how glibc/uclibc supports shadow-passwords. As far as I know nothing outside of shadow-utils should link to libshadow... programs like kerberos should get shadow-password support from libc.

robert
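
The proposal above to move the pwck-style format check into a shared routine that runs whenever /etc/shadow is read, as an added example (not part of the original message and not shadow's own code). The function and enum names are hypothetical, the nine-field layout is the one documented in shadow(5), and two choices are assumptions of this example: a date or age field holding anything but digits is treated as malformed, and an empty password field is reported separately because such an account needs no password to log in.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Result codes (hypothetical names, not part of shadow's code). */
enum sp_status { SP_OK, SP_BAD_FIELD_COUNT, SP_BAD_NAME, SP_BAD_NUMBER, SP_EMPTY_PASSWORD };

/* True if s[0..len) is empty or contains only decimal digits. */
static int opt_number(const char *s, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (!isdigit((unsigned char)s[i]))
            return 0;
    return 1;
}

/* Check one line against the nine-field layout documented in shadow(5):
 * name:password:lastchg:min:max:warn:inactive:expire:reserved */
enum sp_status sp_check_line(const char *line)
{
    const char *field[9], *p = line;
    size_t len[9];
    int n = 0;

    for (;;) {
        size_t l = strcspn(p, ":\n");
        if (n == 9) return SP_BAD_FIELD_COUNT;   /* a tenth field */
        field[n] = p;
        len[n++] = l;
        if (p[l] != ':') break;                  /* newline or end of string */
        p += l + 1;
    }
    if (n != 9) return SP_BAD_FIELD_COUNT;
    if (len[0] == 0) return SP_BAD_NAME;
    for (int i = 2; i <= 7; i++)                 /* the six date and age fields */
        if (!opt_number(field[i], len[i])) return SP_BAD_NUMBER;
    if (len[1] == 0) return SP_EMPTY_PASSWORD;   /* login would need no password */
    return SP_OK;
}

int main(void)
{
    /* Constructed sample entries, not taken from a real system. */
    const char *sample[] = { "root:$1$salt$hash:13651:0:99999:7:::",
                             "guest::13651:0:99999:7:::", "broken:x:13651" };
    for (int i = 0; i < 3; i++)
        printf("%d  %s\n", sp_check_line(sample[i]), sample[i]);
    return 0;
}
```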
