Module Name: src
Committed By: spz
Date: Thu Apr 5 09:09:27 UTC 2012
Modified Files:
src/etc: security
src/etc/defaults: security.conf
Log Message:
change security so that there is a configuration value for the list of
users who will not be considered for duplicate uid check.
Seed it with 'toor' in defaults/security.conf.
To generate a diff of this commit:
cvs rdiff -u -r1.110 -r1.111 src/etc/security
cvs rdiff -u -r1.23 -r1.24 src/etc/defaults/security.conf
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/etc/security
diff -u src/etc/security:1.110 src/etc/security:1.111
--- src/etc/security:1.110 Wed Mar 2 17:00:28 2011
+++ src/etc/security Thu Apr 5 09:09:27 2012
@@ -1,6 +1,6 @@
#!/bin/sh -
#
-# $NetBSD: security,v 1.110 2011/03/02 17:00:28 christos Exp $
+# $NetBSD: security,v 1.111 2012/04/05 09:09:27 spz Exp $
# from: @(#)security 8.1 (Berkeley) 6/9/93
#
@@ -287,14 +287,18 @@ if checkyesno check_passwd; then
column $OUTPUT
fi
-# To not exclude 'toor', a standard duplicate root account, from the duplicate
-# account test, uncomment the line below (without egrep in it)and comment
-# out the line (with egrep in it) below it.
-#
-# < $MPBYUID uniq -d -f 1 | awk '{ print $2 }' > $TMP2
- < $MPBYUID egrep -v '^toor ' | uniq -d -f 1 | awk '{ print $2 }' > $TMP2
+ awk -v "permit_dups_list=$check_passwd_permit_dups" \
+ '
+ BEGIN {
+ split(permit_dups_list, a);
+ for (i in a) permit_dups[a[i]]++;
+ }
+ {
+ if (!permit_dups[$1])
+ print $2;
+ }' < $MPBYUID | uniq -d > $TMP2
if [ -s $TMP2 ] ; then
- printf "\n$MP has duplicate user id's.\n"
+ printf "\n$MP has duplicate user ids.\n"
while read uid; do
grep -w $uid $MPBYUID
done < $TMP2 | column
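Review bot: The awk filter added here drops every login name found in `check_passwd_permit_dups` before `uniq -d` sees its uid, so a listed name is exempt from the duplicate check whatever uid it carries, and the comment that used to explain the toor exception is removed without a replacement. I would add a comment above the `awk` line, for example `# Names in check_passwd_permit_dups (security.conf) are skipped by the duplicate uid test, whatever their uid.`, so that an administrator reading the script sees that the exemption is keyed on the name alone. If the intent is only to tolerate toor as a second uid 0 account, matching on name and uid together would be tighter, but that is a design change rather than a fix to this hunk. The enclosing `if checkyesno check_passwd` block starts and ends outside the hunk.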
Index: src/etc/defaults/security.conf
diff -u src/etc/defaults/security.conf:1.23 src/etc/defaults/security.conf:1.24
--- src/etc/defaults/security.conf:1.23 Fri Feb 5 16:29:02 2010
+++ src/etc/defaults/security.conf Thu Apr 5 09:09:27 2012
@@ -1,4 +1,4 @@
-# $NetBSD: security.conf,v 1.23 2010/02/05 16:29:02 jmmv Exp $
+# $NetBSD: security.conf,v 1.24 2012/04/05 09:09:27 spz Exp $
#
# /etc/defaults/security.conf --
# default configuration of /etc/security.conf
@@ -41,6 +41,7 @@ check_mtree_follow_symlinks=NO
check_passwd_nowarn_shells="/sbin/nologin"
check_passwd_nowarn_users=""
+check_passwd_permit_dups="toor"
check_passwd_permit_star=NO
check_passwd_permit_nonalpha=NO
max_loginlen=16
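Review bot: The new default `check_passwd_permit_dups="toor"` is added without a comment saying what the variable controls, and it applies on every host, including hosts where the toor account has been removed. Judging from the script side of this commit, the exemption is by login name, so on such a host an account later created under that name would not be reported by the duplicate uid test. A comment above the setting, such as `# login names excluded from the duplicate uid check; set to "" where toor is not used`, would tell administrators when to tighten it. security.conf(5) is not among the modified files, so the variable may be undocumented there as well.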