Module Name: src Committed By: spz Date: Thu Apr 5 09:09:27 UTC 2012
Modified Files: src/etc: security src/etc/defaults: security.conf Log Message: change security so that there is a configuration value for the list of users who will not be considered for duplicate uid check. Seed it with 'toor' in defaults/security.conf. To generate a diff of this commit: cvs rdiff -u -r1.110 -r1.111 src/etc/security cvs rdiff -u -r1.23 -r1.24 src/etc/defaults/security.conf Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/etc/security diff -u src/etc/security:1.110 src/etc/security:1.111 --- src/etc/security:1.110 Wed Mar 2 17:00:28 2011 +++ src/etc/security Thu Apr 5 09:09:27 2012 @@ -1,6 +1,6 @@ #!/bin/sh - # -# $NetBSD: security,v 1.110 2011/03/02 17:00:28 christos Exp $ +# $NetBSD: security,v 1.111 2012/04/05 09:09:27 spz Exp $ # from: @(#)security 8.1 (Berkeley) 6/9/93 # @@ -287,14 +287,18 @@ if checkyesno check_passwd; then column $OUTPUT fi -# To not exclude 'toor', a standard duplicate root account, from the duplicate -# account test, uncomment the line below (without egrep in it)and comment -# out the line (with egrep in it) below it. -# -# < $MPBYUID uniq -d -f 1 | awk '{ print $2 }' > $TMP2 - < $MPBYUID egrep -v '^toor ' | uniq -d -f 1 | awk '{ print $2 }' > $TMP2 + awk -v "permit_dups_list=$check_passwd_permit_dups" \ + ' + BEGIN { + split(permit_dups_list, a); + for (i in a) permit_dups[a[i]]++; + } + { + if (!permit_dups[$1]) + print $2; + }' < $MPBYUID | uniq -d > $TMP2 if [ -s $TMP2 ] ; then - printf "\n$MP has duplicate user id's.\n" + printf "\n$MP has duplicate user ids.\n" while read uid; do grep -w $uid $MPBYUID done < $TMP2 | column Index: src/etc/defaults/security.conf diff -u src/etc/defaults/security.conf:1.23 src/etc/defaults/security.conf:1.24 --- src/etc/defaults/security.conf:1.23 Fri Feb 5 16:29:02 2010 +++ src/etc/defaults/security.conf Thu Apr 5 09:09:27 2012 @@ -1,4 +1,4 @@ -# $NetBSD: security.conf,v 1.23 2010/02/05 16:29:02 jmmv Exp $ +# $NetBSD: security.conf,v 1.24 2012/04/05 09:09:27 spz Exp $ # # /etc/defaults/security.conf -- # default configuration of /etc/security.conf @@ -41,6 +41,7 @@ check_mtree_follow_symlinks=NO check_passwd_nowarn_shells="/sbin/nologin" check_passwd_nowarn_users="" +check_passwd_permit_dups="toor" check_passwd_permit_star=NO check_passwd_permit_nonalpha=NO max_loginlen=16
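Review bot: The awk filter added ahead of `uniq -d` in the `@@ -287,14 +287,18 @@` hunk exempts accounts by login name alone, and the comment that used to explain the `toor` exemption is removed without a replacement. Every passwd entry whose name is in `check_passwd_permit_dups` is dropped before the comparison, whatever uid it carries, so each name added to the list is one more account the duplicate-uid report will never mention; the old `egrep -v '^toor '` had the same property, but for one fixed name. I would put a comment above the awk call, for example `# Names in check_passwd_permit_dups are skipped by name, not by uid; every entry hides that account from this check, so keep the list short.` The enclosing `if checkyesno check_passwd` block starts and ends outside the hunk, so how `$MPBYUID` is ordered is not visible here; `uniq -d` presumably depends on it being sorted by uid.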
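Review bot: The new default `check_passwd_permit_dups="toor"` in the `@@ -41,6 +41,7 @@` hunk of `src/etc/defaults/security.conf` arrives without a description of its format or effect, and the commit's file list names only `src/etc/security` and `src/etc/defaults/security.conf`, so no manual page appears to be updated alongside it. The script hands the value to awk's `split()` with the default separator, which makes it a whitespace-separated list of login names; that should be documented where the other `check_passwd_*` settings are described. It is also worth stating there that a host with no legitimate `toor` account can set `check_passwd_permit_dups=""` in `/etc/security.conf`, so that an entry of that name sharing a uid is reported.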