On 4/11/06, Dennis Clarke <[EMAIL PROTECTED]> wrote: [snip] > > Do we need vipw to safely edit the /etc/passwd file ? >
YES!!! absolutely, people make mistakes, and no one wants to go down to the datacenter or even the basement, and boot the system with an emergency disk or install disk to fix broken passwd files. [snip] I think the needed change is adding a symlink to /sbin/vipw, vipw has saved my rear end more times than i care to admit in Linux, and I always forget about /usr/ucb on solaris or it might of saved me a couple times on solaris as well. reasons for this change Pros: it would help new converts and old unix gurus have access to an extra level of safety and security, no namespace conflicts Cons: adds one more filename to /usr/sbin, and uses dozen or bytes on the filesystem if no one disagrees too much, i will be filing an RFE for this later today. James Dickens uadmin.blogspot.com > DESCRIPTION > vipw edits the password file while setting the appropriate > locks, and does any necessary processing after the password > file is unlocked. If the password file is already being > edited, then you will be told to try again later. The vi(1) > editor will be used unless the environment variable VISUAL > or EDITOR indicates an alternate editor. > > vipw performs a number of consistency checks on the password > entry for root, and will not allow a password file with a > "mangled" root entry to be installed. It also checks the > /etc/shells file to verify the login shell for root. > > The very end of the manpage also says this : > > SEE ALSO > passwd(1), vi(1), passwd(4), attributes(5) > > SunOS 5.10 Last change: 14 Sep 1992 1 > > That would be 1992 right ? The year that I totally stopped using the Apollo > systems and pretty much gave up years with DEC VMS and moved over to early > Solaris. As in 14 years ago. > > Well, perhaps this manpage has not be touched in 14 years because "if its > not broke then don't fix it". I then look for this thing : > > $ which vipw > no vipw in /usr/xpg4/bin /sbin /bin /usr/sbin /usr/bin /usr/dt/bin > /usr/openwin/bin /usr/ccs/bin > > Note that my PATH has /usr/xpg4/bin first. My shell is : > > $ echo $SHELL > /usr/xpg4/bin/sh > > Yes, I am somewhat old fashioned and I still think that vi is pretty cool > and that emacs is a lifestyle choice. :-) > > This system is a Solaris Neveda build 35 system complete with a 800G ZFS > pool and I can not find this vipw in my PATH. I look around and find it > here : > > $ ls /usr/ucb/vipw > /usr/ucb/vipw > $ grep /usr/ucb/vipw /var/sadm/install/contents > /usr/ucb/vipw f none 0555 root bin 13172 23545 1141458063 SUNWscpu > $ pkginfo -l SUNWscpu > PKGINST: SUNWscpu > NAME: Source Compatibility, (Usr) > CATEGORY: system > ARCH: sparc > VERSION: 11.11,REV=2006.03.03.13.51 > BASEDIR: / > VENDOR: Sun Microsystems, Inc. > DESC: utilities for user interface and source build compatibility > with SunOS 4.x > PSTAMP: juarez20060303140516 > INSTDATE: Mar 26 2006 22:31 > HOTLINE: Please contact your local service provider > STATUS: completely installed > FILES: 144 installed pathnames > 8 shared pathnames > 1 linked files > 11 directories > 64 executables > 2763 blocks used (approx) > > That does say "source build compatibility with SunOS 4.x" there right? > > The source to this old guy is in usr/src/ucbcmd/vipw/vipw.c and it boldly > says : > > /* > * Portions of this source code were derived from Berkeley 4.3 BSD > * under license from the Regents of the University of California. > */ > > See the whole thing at : > > http://polaris.blastwave.org/browser/on/trunk/usr/src/ucbcmd/vipw/vipw.c > > Now I have seen a lot of tools come and go. There was admintool once upon a > time and it is nowhere to be found in the sources. This vipw thing seems to > be the UNIX standard way to edit the /etc/passwd file but it may have been > invented before the /etc/shadow file was a glimmer of a thought. Certainly > in the days of yellow pages and NIS and well before LDAP. > > So I can not see a reason why a person needs vipw to edit the /etc/passwd > file and good old vi ( mine is /usr/xpg4/bin/vi ) will do the job nicely and > safely. The correct way may be simply to use usermod(1M) and not ever edit > /etc/passwd directly. > > I recently adopted a "style" of doing things that may be "Linux like" and > thus a bad thing in the strict UNIX world. I began to put my root user in a > home directory of /root along with all of the dot files that get created for > the root user. Like the .sunw directory which seems to appear out of > nowhere. Certainly .profile and ( *gasp* ) .bash_history ! I really do not > want to see these things all over my / area. I was recently told this is a > very "bad thing" and that it harms the way vipw works. I never heard of > vipw, certainly not since Madonna was still making hit records, on vinyl. > > Or am I mistaken here ? Old fashioned and confused ? > > Thus I sit with coffee in hand and hope for some illumination please. If > not for my sake then to perhaps put some old ways of doing things to rest. > > -- > Dennis Clarke > > _______________________________________________ > opensolaris-discuss mailing list > opensolaris-discuss@opensolaris.org > _______________________________________________ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
