/etc/profile, mk[passwd|group|group_l_d] messages
Hi all, Igor and I have been having a chat about the warning/error messages which appear when there's something wrong with /etc/[passwd|group]. Here's what we are considering so far... case "`id -ng`" in mkpasswd ) echo "The /etc/passwd (and possibly /etc/group) files need to be rebuilt." echo "See the man pages for mkpasswd and mkgroup then, for example, run" echo "mkpasswd -l [-d] > /etc/passwd" echo "mkgroup -l [-d] > /etc/group" echo "as appropriate. Note that the -d switch is necessary for" echo "domain users." ;; mkgroup ) echo "The /etc/group (and possibly /etc/passwd) files need to be rebuilt." echo "See the man pages for mkpasswd and mkgroup then, for example, run" echo "mkpasswd -l [-d] > /etc/passwd" echo "mkgroup -l [-d] > /etc/group" echo "as appropriate. Note that the -d switch is necessary for" echo "domain users." ;; mkgroup_l_d ) echo "The /etc/group file doesn't contain the domain groups." echo "See the man page for mkgroup and then, for example, run" echo "mkgroup -l -d > /etc/group" echo "as appropriate." echo echo "You can safely ignore this message" echo "To stop it displaying, please edit /etc/profile" ;; esac but neither of us is 100% sure this is correct, Pierre, Corinna, [anyone else ;) ] any comments/opinions?... J. == Information in this email and any attachments are confidential, and may not be copied or used by anyone other than the addressee, nor disclosed to any third party without our permission. There is no intention to create any legally binding contract or other binding commitment through the use of this electronic communication unless it is issued in accordance with the Experian Limited standard terms and conditions of purchase or other express written agreement between Experian Limited and the recipient Experian Limited (registration number 653331) Registered office: Talbot House, Talbot Street, Nottingham NG1 5HF
Re: /etc/profile, mk[passwd|group|group_l_d] messages
John, I like having 3 separate messages. Perhaps you could add an introduction such as echo "Your group is currently \"mkpasswd\". This indicates that .." The first two cases should never occur, except in rare cases of postinstall screw up or if the files get deleted somehow. The last case is the norm for domain users. It is correct that the message can be safely ignored. Just a thought: you could consider displaying it only once, e.g. by sed'ing /etc/group to change mkgroup_l_d to mkgroup-l-d. Neither /etc/passwd nor /etc/group are complete (because the primary domain controller is not contacted during postinstall). So the message should advise but not mandate to rebuild both. echo "The /etc/passwd and /etc/group files should be completed." echo "See the man pages .. Pierre "Morrison, John" wrote: > > Hi all, > > Igor and I have been having a chat about the warning/error messages > which appear when there's something wrong with /etc/[passwd|group]. > > Here's what we are considering so far... > > case "`id -ng`" in > mkpasswd ) > echo "The /etc/passwd (and possibly /etc/group) files need to be > rebuilt." > echo "See the man pages for mkpasswd and mkgroup then, for example, > run" > echo "mkpasswd -l [-d] > /etc/passwd" > echo "mkgroup -l [-d] > /etc/group" > echo "as appropriate. Note that the -d switch is necessary for" > echo "domain users." > ;; > mkgroup ) > echo "The /etc/group (and possibly /etc/passwd) files need to be > rebuilt." echo "See the man pages for mkpasswd and mkgroup then, > for example, run" echo "mkpasswd -l [-d] > /etc/passwd" > echo "mkgroup -l [-d] > /etc/group" > echo "as appropriate. Note that the -d switch is necessary for" > echo "domain users." ;; > mkgroup_l_d ) > echo "The /etc/group file doesn't contain the domain groups." > echo "See the man page for mkgroup and then, for example, run" > echo "mkgroup -l -d > /etc/group" > echo "as appropriate." > echo > echo "You can safely ignore this message" > echo "To stop it displaying, please edit /etc/profile" > ;; > esac > > but neither of us is 100% sure this is correct, Pierre, Corinna, > [anyone else ;) ] any comments/opinions?... > > J. > > == > Information in this email and any attachments are confidential, and may > not be copied or used by anyone other than the addressee, nor disclosed > to any third party without our permission. There is no intention to > create any legally binding contract or other binding commitment through > the use of this electronic communication unless it is issued in accordance > with the Experian Limited standard terms and conditions of purchase or > other express written agreement between Experian Limited and the recipient > Experian Limited (registration number 653331) > Registered office: Talbot House, Talbot Street, Nottingham NG1 5HF
RE: /etc/profile, mk[passwd|group|group_l_d] messages
Pierre A. Humblet wrote: > John, > > I like having 3 separate messages. > Perhaps you could add an introduction such as >echo "Your group is currently \"mkpasswd\". This indicates > that .." Good idea :) > The first two cases should never occur, except in rare cases of > postinstall screw up or if the files get deleted somehow. > > The last case is the norm for domain users. > It is correct that the message can be safely ignored. > Just a thought: you could consider displaying it only once, > e.g. by sed'ing /etc/group to change mkgroup_l_d to mkgroup-l-d. > Neither /etc/passwd nor /etc/group are complete (because the > primary domain controller is not contacted during postinstall). > So the message should advise but not mandate to rebuild both. > echo "The /etc/passwd and /etc/group files should be completed." echo > "See the man pages .. > > > Pierre Hows this...? (edit inline) case "`id -ng`" in mkpasswd ) echo "Your group is currently \"`id -ng`\". This indicates that echo "the /etc/passwd (and possibly /etc/group) files should be rebuilt." echo "See the man pages for mkpasswd and mkgroup then, for example, run" echo "mkpasswd -l [-d] > /etc/passwd" echo "mkgroup -l [-d] > /etc/group" echo "as appropriate. Note that the -d switch is necessary for" echo "domain users." ;; mkgroup ) echo "The /etc/group (and possibly /etc/passwd) files need to be rebuilt." echo "See the man pages for mkpasswd and mkgroup then, for example, run" echo "mkpasswd -l [-d] > /etc/passwd" echo "mkgroup -l [-d] > /etc/group" echo "as appropriate. Note that the -d switch is necessary for" echo "domain users." ;; mkgroup_l_d ) echo "The /etc/group file doesn't contain the domain groups." echo "See the man page for mkgroup and then, for example, run" echo "mkgroup -l -d > /etc/group" echo "as appropriate." echo echo "You can safely ignore this message" # only display the above once cat /etc/group | sed -e 's/mkgroup_l_d/mkgroup-l-d/g' > /etc/group.new mv /etc/group /etc/group.mkgroup_l_d mv /etc/group.new /etc/group ;; esac J. == Information in this email and any attachments are confidential, and may not be copied or used by anyone other than the addressee, nor disclosed to any third party without our permission. There is no intention to create any legally binding contract or other binding commitment through the use of this electronic communication unless it is issued in accordance with the Experian Limited standard terms and conditions of purchase or other express written agreement between Experian Limited and the recipient Experian Limited (registration number 653331) Registered office: Talbot House, Talbot Street, Nottingham NG1 5HF
RE: /etc/profile, mk[passwd|group|group_l_d] messages
Pierre A. Humblet wrote: > John, > > I like having 3 separate messages. > Perhaps you could add an introduction such as >echo "Your group is currently \"mkpasswd\". This indicates > that .." Good idea :) > The first two cases should never occur, except in rare cases of > postinstall screw up or if the files get deleted somehow. > > The last case is the norm for domain users. > It is correct that the message can be safely ignored. > Just a thought: you could consider displaying it only once, > e.g. by sed'ing /etc/group to change mkgroup_l_d to mkgroup-l-d. > Neither /etc/passwd nor /etc/group are complete (because the > primary domain controller is not contacted during postinstall). > So the message should advise but not mandate to rebuild both. > echo "The /etc/passwd and /etc/group files should be completed." > echo "See the man pages .. > > > Pierre Hows this...? (edit inline) oops, corrected some typos. case "`id -ng`" in mkpasswd ) echo "Your group is currently \"`id -ng`\". This indicates that" echo "the /etc/passwd (and possibly /etc/group) files should be rebuilt." echo "See the man pages for mkpasswd and mkgroup then, for example, run" echo "mkpasswd -l [-d] > /etc/passwd" echo "mkgroup -l [-d] > /etc/group" echo "as appropriate. Note that the -d switch is necessary for" echo "domain users." ;; mkgroup ) echo "Your group is currently \"`id -ng`\". This indicates that" echo "the /etc/group (and possibly /etc/passwd) files should be rebuilt." echo "See the man pages for mkpasswd and mkgroup then, for example, run" echo "mkpasswd -l [-d] > /etc/passwd" echo "mkgroup -l [-d] > /etc/group" echo "as appropriate. Note that the -d switch is necessary for" echo "domain users." ;; mkgroup_l_d ) echo "The /etc/group file doesn't contain the domain groups." echo "See the man page for mkgroup and then, for example, run" echo "mkgroup -l -d > /etc/group" echo "as appropriate." echo echo "You can safely ignore this message" # only display the above once cat /etc/group | sed -e 's/mkgroup_l_d/mkgroup-l-d/g' > /etc/group.new mv /etc/group /etc/group.mkgroup_l_d mv /etc/group.new /etc/group ;; esac J. == Information in this email and any attachments are confidential, and may not be copied or used by anyone other than the addressee, nor disclosed to any third party without our permission. There is no intention to create any legally binding contract or other binding commitment through the use of this electronic communication unless it is issued in accordance with the Experian Limited standard terms and conditions of purchase or other express written agreement between Experian Limited and the recipient Experian Limited (registration number 653331) Registered office: Talbot House, Talbot Street, Nottingham NG1 5HF
Re: /etc/profile, mk[passwd|group|group_l_d] messages
> Hows this...? (edit inline) > > oops, corrected some typos. Instead of running `id -ng` several times you can hard code the values (see XXX below) > case "`id -ng`" in > mkpasswd ) > echo "Your group is currently \"`id -ng`\". This indicates that" XXX echo "Your group is currently \"mkpasswd\". This indicates that" > echo "the /etc/passwd (and possibly /etc/group) files should be rebuilt." > echo "See the man pages for mkpasswd and mkgroup then, for example, run" > echo "mkpasswd -l [-d] > /etc/passwd" > echo "mkgroup -l [-d] > /etc/group" > echo "as appropriate. Note that the -d switch is necessary for" > echo "domain users." ;; > mkgroup ) > echo "Your group is currently \"`id -ng`\". This indicates that" XXX ditto > echo "the /etc/group (and possibly /etc/passwd) files should be rebuilt." > echo "See the man pages for mkpasswd and mkgroup then, for example, run" > echo "mkpasswd -l [-d] > /etc/passwd" > echo "mkgroup -l [-d] > /etc/group" > echo "as appropriate. Note that the -d switch is necessary for" > echo "domain users." ;; > mkgroup_l_d ) > echo "The /etc/group file doesn't contain the domain groups." > echo "See the man page for mkgroup and then, for example, run" > echo "mkgroup -l -d > /etc/group" > echo "as appropriate." XXX echo "Your group name is currently \"mkpasswd_l_d\". This indicates that not all" XXX echo "domain users and groups are listed in the "/etc/passwd and /etc/group files." XXX echo "See the man pages for mkpasswd and mkgroup then, for example, run" XXX echo "mkpasswd -l [-d] > /etc/passwd" XXX echo "mkgroup -l [-d] > /etc/group" > echo > echo "You can safely ignore this message" XXX echo "This message is only displayed once and can be safely ignored." > # only display the above once > cat /etc/group | sed -e 's/mkgroup_l_d/mkgroup-l-d/g' > > /etc/group.new mv /etc/group /etc/group.mkgroup_l_d > mv /etc/group.new /etc/group Let's make it fail safe, avoid invoking cat and set the mode sed -e 's/mkgroup_l_d/mkgroup-l-d/' /etc/group > /etc/group.new \ && mv /etc/group /etc/group.mkgroup_l_d && (mv /etc/group.new /etc/group || mv /etc/group.mkgroup_l_d /etc/group ; ) chmod a+r /etc/group rm -f /etc/group.mkgroup_l_d Pierre
Re: /etc/profile, mk[passwd|group|group_l_d] messages
On Thu, 28 Aug 2003, Pierre A. Humblet wrote:
> > Hows this...? (edit inline)
> >
> > oops, corrected some typos.
>
> Instead of running `id -ng` several times you can hard code the values
> (see XXX below)
>
> > case "`id -ng`" in
> > mkpasswd )
> > echo "Your group is currently \"`id -ng`\". This indicates that"
> XXX echo "Your group is currently \"mkpasswd\". This indicates that"
> > echo "the /etc/passwd (and possibly /etc/group) files should be rebuilt."
> > echo "See the man pages for mkpasswd and mkgroup then, for example, run"
> > echo "mkpasswd -l [-d] > /etc/passwd"
> > echo "mkgroup -l [-d] > /etc/group"
> > echo "as appropriate. Note that the -d switch is necessary for"
> > echo "domain users." ;;
> > mkgroup )
> > echo "Your group is currently \"`id -ng`\". This indicates that"
> XXX ditto
> > echo "the /etc/group (and possibly /etc/passwd) files should be rebuilt."
> > echo "See the man pages for mkpasswd and mkgroup then, for example, run"
> > echo "mkpasswd -l [-d] > /etc/passwd"
> > echo "mkgroup -l [-d] > /etc/group"
> > echo "as appropriate. Note that the -d switch is necessary for"
> > echo "domain users." ;;
> > mkgroup_l_d )
> > echo "The /etc/group file doesn't contain the domain groups."
> > echo "See the man page for mkgroup and then, for example, run"
> > echo "mkgroup -l -d > /etc/group"
> > echo "as appropriate."
> XXX echo "Your group name is currently \"mkpasswd_l_d\". This indicates that not all"
> XXX echo "domain users and groups are listed in the "/etc/passwd and /etc/group
> files."
> XXX echo "See the man pages for mkpasswd and mkgroup then, for example, run"
> XXX echo "mkpasswd -l [-d] > /etc/passwd"
> XXX echo "mkgroup -l [-d] > /etc/group"
Umm, Pierre, don't you *need* to add "-d" to mkpasswd and mkgroup
invocations to get the domain users into /etc/{passwd,group}?
Furthermore, what if you only want the *current* domain user to be
recognized? Perhaps the above should be
X echo "See the man pages for mkpasswd and mkgroup then, for example, run"
X echo "mkpasswd -l -d [-u yourUser] >> /etc/passwd"
X echo "mkgroup -l -d > /etc/group"
> > echo
> > echo "You can safely ignore this message"
> XXX echo "This message is only displayed once and can be safely ignored."
> > # only display the above once
> > cat /etc/group | sed -e 's/mkgroup_l_d/mkgroup-l-d/g' >
> > /etc/group.new mv /etc/group /etc/group.mkgroup_l_d
> > mv /etc/group.new /etc/group
>
> Let's make it fail safe, avoid invoking cat and set the mode
> sed -e 's/mkgroup_l_d/mkgroup-l-d/' /etc/group > /etc/group.new \
> && mv /etc/group /etc/group.mkgroup_l_d
> && (mv /etc/group.new /etc/group || mv /etc/group.mkgroup_l_d /etc/group ; )
> chmod a+r /etc/group
> rm -f /etc/group.mkgroup_l_d
>
> Pierre
Better yet, create temporary files in the current directory, allow writes
to /etc/group, and restore the owner/mode afterwards, i.e.,
cp -p /etc/group group.mkgroup_l_d \
&& chmod a+w /etc/group \
&& sed -e 's/^mkgroup_l_d/mkgroup-l-d/' group.mkgroup_l_d > /etc/group \
&& chmod --reference=group.mkgroup_l_d /etc/group \
&& chown --reference=group.mkgroup_l_d /etc/group
rm -f group.mkgroup_l_d
This should work even if /etc is not writeable.
Igor
--
http://cs.nyu.edu/~pechtcha/
|\ _,,,---,,_[EMAIL PROTECTED]
ZZZzz /,`.-'`'-. ;-;;,_[EMAIL PROTECTED]
|,4- ) )-,_. ,\ ( `'-' Igor Pechtchanski, Ph.D.
'---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow!
"I have since come to realize that being between your mentor and his route
to the bathroom is a major career booster." -- Patrick Naughton
Re: /etc/profile, mk[passwd|group|group_l_d] messages
Igor Pechtchanski wrote:
>
>
> > XXX echo "Your group name is currently \"mkpasswd_l_d\". This indicates that not
> > all"
> > XXX echo "domain users and groups are listed in the "/etc/passwd and /etc/group
> > files."
> > XXX echo "See the man pages for mkpasswd and mkgroup then, for example, run"
> > XXX echo "mkpasswd -l [-d] > /etc/passwd"
> > XXX echo "mkgroup -l [-d] > /etc/group"
>
> Umm, Pierre, don't you *need* to add "-d" to mkpasswd and mkgroup
> invocations to get the domain users into /etc/{passwd,group}?
> Furthermore, what if you only want the *current* domain user to be
> recognized? Perhaps the above should be
>
> X echo "See the man pages for mkpasswd and mkgroup then, for example, run"
> X echo "mkpasswd -l -d [-u yourUser] >> /etc/passwd"
> X echo "mkgroup -l -d > /etc/group"
Oops, sure.
> Better yet, create temporary files in the current directory, allow writes
> to /etc/group, and restore the owner/mode afterwards, i.e.,
> cp -p /etc/group group.mkgroup_l_d \
> && chmod a+w /etc/group \
> && sed -e 's/^mkgroup_l_d/mkgroup-l-d/' group.mkgroup_l_d > /etc/group \
> && chmod --reference=group.mkgroup_l_d /etc/group \
> && chown --reference=group.mkgroup_l_d /etc/group
> rm -f group.mkgroup_l_d
>
> This should work even if /etc is not writeable.
Hmm, good ideas but must watch for new failure modes.
For example my administrators restrict me severely on shared
drives, even in my home directory :(
~> cp -p .bash_profile abcde
cp: preserving ownership for `abcde': Permission denied
So cp -p /etc/group group.mkgroup_l_d would fail if executed
in my home. Perhaps we should cd to /tmp or $TEMP or some
safe location.
Also chmod a+w might fail although the user has already write access.
Something like ( [ -w /etc/group ] || chmod a+w /etc/group ; )
would be safer.
Also, if the user has write access to /etc/group, the final
chown doesn't seem necessary based on the following experiment.
I am executing as a non privileged user != PHumblet.
$ ls -l test4
--wx-wx-wx+ 1 PHumblet Clearuse0 Mar 3 11:34 test4
$ chmod a+w test4
chmod: changing permissions of `test4': Permission denied
$ echo hello > test4
$ ls -l test4
--wx-wx-wx+ 1 PHumblet Clearuse6 Aug 28 13:26 test4
So making a backup copy of /etc/group would only serve to
restore the modes. We could safely use those of /etc/passwd
instead, avoiding the cp -p problem.
Also
$ rm test4
succeeds. So we may want to consider the case where /etc is writable
but /etc/group isn't (and owned by somebody else), which my original
proposal allowed. Wrting maximally safe code consumes time,
I have to stop for now.
Pierre
RE: /etc/profile, mk[passwd|group|group_l_d] messages
OK, so I think the script as stands is... case "`id -ng`" in mkpasswd ) echo "Your group is currently \"mkpasswd\". This indicates that" echo "the /etc/passwd (and possibly /etc/group) files should be rebuilt." echo "See the man pages for mkpasswd and mkgroup then, for example, run" echo "mkpasswd -l [-d] > /etc/passwd" echo "mkgroup -l [-d] > /etc/group" echo "as appropriate. Note that the -d switch is necessary for" echo "domain users." ;; mkgroup ) echo "Your group is currently \"mkgroup \". This indicates that" echo "the /etc/group (and possibly /etc/passwd) files should be rebuilt." echo "See the man pages for mkpasswd and mkgroup then, for example, run" echo "mkpasswd -l [-d] > /etc/passwd" echo "mkgroup -l [-d] > /etc/group" echo "as appropriate. Note that the -d switch is necessary for" echo "domain users." ;; mkgroup_l_d ) echo "Your group name is currently \"mkpasswd_l_d\". This indicates that not all" echo "domain users and groups are listed in the "/etc/passwd and /etc/group files." echo "See the man pages for mkpasswd and mkgroup then, for example, run" echo "mkpasswd -l -d [-u yourUser] >> /etc/passwd" echo "mkgroup -l -d > /etc/group" echo echo "This message is only displayed once and can be safely ignored." # only display the above once cp -p /etc/group /etc/group.mkgroup_l_d \ && chmod a+w /etc/group \ && sed -e 's/^mkgroup_l_d/mkgroup-l-d/' group.mkgroup_l_d > /etc/group \ && chmod --reference=group.mkgroup_l_d /etc/group \ && chown --reference=group.mkgroup_l_d /etc/group rm -f group.mkgroup_l_d ;; esac It doesn't matter _overly_ if this doesn't work in all cases, I'd like to aim for an engineers 100% (99.999%), but I'll settle for it working for at least most typical installations. Its not the advanced users I'm so bothered about (since they will already have a /etc/profile installed), its improving the OOTB experience for those who are just 'playing' with cygwin. Thanks for the help guys; anything else? :) J. == Information in this email and any attachments are confidential, and may not be copied or used by anyone other than the addressee, nor disclosed to any third party without our permission. There is no intention to create any legally binding contract or other binding commitment through the use of this electronic communication unless it is issued in accordance with the Experian Limited standard terms and conditions of purchase or other express written agreement between Experian Limited and the recipient Experian Limited (registration number 653331) Registered office: Talbot House, Talbot Street, Nottingham NG1 5HF
