On 10/30/14 17:19, Peter J. Philipp wrote:

I think I found something and Vijay found it but is being modest.  Let
me show you:


> your script didn't work for me with /bin/sh so I modified it, and
> changed the logger's to echos so that I don't pollute my logs.  I have
> found a small race in your script and I'd like to address it with an
> expect script I wrote for you:
> 
> #!/usr/local/bin/expect --
> 
> spawn ./vijays-mypasswd.sh
> expect Changing
> stty cooked
> expect Old?password:
> send \n
> send "^C"

This, by the way, is a control-v control-c; pasting won't help.


> stty raw
> expect -re ^Unsuccessful
> 
> 
> Also I have provided to you my version of vijays-mypasswd.sh
> 
> ----
> #!/bin/sh
> 
> trap "" 2
> 
> /usr/bin/passwd -l
> if [ $? -eq 0 ]; then

This error code is wrong; it should be -ne (not equal) 0.  However,
passwd -l does give different answers in its return code; let me explain:

mercury$ passwd -l
Changing local password for pjp.
Old password: <--- entered just a return
Password unchanged.
mercury$ echo $?
0

Vijay's script here would have said "Changed login password", but
master.passwd was likely not updated.


mercury$ passwd -l
Changing local password for pjp.
Old password: <----- entered "test" for testing purposes
passwd: Permission denied
passwd: /etc/master.passwd: unchanged
mercury$ echo $?
1


Vijay's script here would have said "Unsuccessful attempt to change
password".

mercury$ passwd -l
Changing local password for pjp.
Old password:<-- entered correct password
New password:<-- entered just a return
Password unchanged.
mercury$ echo $?
0


Vijay's script here would have said "Changed login password" but
master.passwd was not changed.

That leaves one remaining possibility and it should return 0, it's
changing the password:

mercury$ passwd -l
Changing local password for pjp.
Old password:
New password:
Please enter a longer password.
New password:
Please use a more complicated password.
Please use a different password. Unusual capitalization,
control characters, or digits are suggested.
New password:
Retype new password:
mercury$ echo $?
0

Vijay's script would have said "Changed login password".


>         echo "Unsuccessful attempt to change password"
> else
>         echo "Changed login password"
> fi
> ----
> 
> 
> Notice the trap, hash it out to see what doesn't happen.
> 
> Regards,
> 
> -peter
> 


So in conclusion Vijay would have wrong logs and he'd be wondering why
someone changed their password but the password file stamp was not updated.

I'll leave the debate to someone else on what is correct in the code :-).


Cheers,

-peter
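
Added example (not part of the original message or of Vijay's script): a wrapper can tell the outcomes shown above apart by checking the exit status together with whether the password file was actually replaced. The function names, the stub commands and the use of `ls -li` output as a change stamp are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Exit status 0 from "passwd -l" also
# covers "Password unchanged.", so the status alone cannot drive the log line.

# file_stamp FILE: inode, size and mtime as printed by POSIX ls. Needs no
# read permission on FILE, only search permission on its directory.
# Assumption: a real change renames a new file into place or rewrites FILE.
file_stamp() {
    ls -li "$1" 2>/dev/null || echo missing
}

# classify_change FILE CMD [ARGS...]
# Runs CMD and sets RESULT to one of: changed, unchanged, failed.
classify_change() {
    pwfile=$1
    shift
    before=$(file_stamp "$pwfile")
    # "if" keeps a non-zero status from aborting a caller that uses set -e.
    if "$@"; then status=0; else status=$?; fi
    after=$(file_stamp "$pwfile")
    if [ "$status" -ne 0 ]; then
        RESULT=failed        # e.g. "passwd: Permission denied", exit 1
    elif [ "$before" != "$after" ]; then
        RESULT=changed       # exit 0 and the file was replaced
    else
        RESULT=unchanged     # exit 0 but "Password unchanged."
    fi
}

# Constructed stand-ins for the outcomes shown in the message above.
stub_unchanged() { return 0; }   # just a return at a prompt, exit 0
stub_denied()    { return 1; }   # wrong old password, exit 1
stub_changed() {                 # new file renamed into place, exit 0
    printf 'constructed-new-entry-longer\n' > "$1.tmp" && mv "$1.tmp" "$1"
}

# Against the real file the call would be:
#   classify_change /etc/master.passwd /usr/bin/passwd -l
#   echo "$RESULT"
```

The stamp comparison only shows that the file was replaced while the command ran, so on a multi-user system another user's change in the same window would also read as "changed".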
