This generated a surprising amount of interest and a few requests
that I summarise, so here goes. The original query was:

> Date: Mon, 13 Feb 1995 15:10:40 +0000
> From: firstname.lastname@example.org (Andy Gay)
> Subject: Password file comments
> Newsgroups: info.sun-managers
> Organization: Racal Datacom
>
> Is there any way to put comments in the /etc/passwd file? I tried using
> lines with the usual "#" at the start, it doesn't seem to stop anything
> working but I get lots of syslog errors about bad passwd entries.

The general flavour of the responses was "NO!" - not only can you
not put comments in, it's a VERY BAD IDEA to try! Seems that you
can open security holes - putting a # in front of a valid entry allows
the entry to be used just by putting the # in front of the user name
when logging in - e.g. (from Goetz Golla <email@example.com>)
does not disable the guest account, but is an entry for user #guest.

Specially bad if using NIS - firstname.lastname@example.org (Syed Zaeem Hosain) reports
that YP can even end up with an account named # with no password!!!

However - it's not all bad. Several people suggested that if you
make a "comment" that looks like a valid entry no harm will be done,
e.g. from email@example.com (Robert Wolf) and several others

comment01:nopass:29901:0: ... true comment line 1 ...:/bin/false:/tmp

Useful but rather obvious IMHO (well, I had thought of it before I
posted the original query). The problem is that it's not easily
seen as a comment entry when editing the file.

For Solaris folks, firstname.lastname@example.org (Paulo Licio de Geus) reports
that comments using # and blank lines are OK in /etc/shadow. I don't
use Solaris though, so I can't verify this.

A good idea if using NIS is to put comments in the YP file and modify
the makefile to strip them out - suggested by Kevin.Sheehan@uniq.com.au

It's fairly obvious that you can disable an account by putting a note
in the password and gecos fields - most people seemed to think that
was what I was trying to do.

My reason for asking was that I'm running a POP server for a growing
population of mail users. I'm trying to find ways to simplify the
passwd file maintenance as new users are added, comments are a first
step. It would have been nice to be able to section the file in an
easily visible way to group users by department, location etc. I wonder
how other folks deal with this - just ensuring you don't duplicate
user names and IDs gets tough when there are a few hundred entries.

Thanks to all who responded.
Andy Gay - Racal Datacom tech support (email@example.com)
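
The hazards this summary describes ("#" lines that become live entries, entries with no password, and duplicated user names and IDs) can be checked mechanically. The following is an added example, not part of the original post: the function name `audit_passwd` is hypothetical, the sample entries are constructed, and it assumes the classic seven-field passwd format.

```python
from collections import defaultdict

# Constructed sample in classic 7-field passwd format (not from a real system).
SAMPLE = """\
root:x:0:0:Super-User:/:/bin/sh
# Sales department
#guest:x:1001:100:Guest:/home/guest:/bin/sh
alice:x:1002:100:Alice:/home/alice:/bin/sh
bob::1003:100:Bob:/home/bob:/bin/sh
alice:x:1004:100:Other Alice:/home/alice2:/bin/sh
carol:x:1002:100:Carol:/home/carol:/bin/sh
"""

def audit_passwd(text):
    """Return sorted (line_number, issue) tuples for passwd-format text."""
    findings = []
    names, uids = defaultdict(list), defaultdict(list)
    for n, line in enumerate(text.splitlines(), 1):
        # Skip empty lines and NIS compat entries ("+..." / "-...").
        if not line.strip() or line[0] in "+-":
            continue
        fields = line.split(":")
        if line.startswith("#"):
            # The file format has no comment syntax: "#" is part of the name.
            what = ("parses as account %r" % fields[0]
                    if len(fields) == 7 else "malformed entry")
            findings.append((n, "'#' line is not a comment: " + what))
        elif len(fields) != 7:
            findings.append((n, "expected 7 fields, got %d" % len(fields)))
        if len(fields) != 7:
            continue
        name, passwd, uid = fields[:3]
        if passwd == "":
            findings.append((n, "empty password field for %r" % name))
        names[name].append(n)
        uids[uid].append(n)
    # Report every repeat of a user name or UID against its first use.
    for label, seen in (("user name", names), ("UID", uids)):
        for key, lines in seen.items():
            for n in lines[1:]:
                findings.append(
                    (n, "duplicate %s %r (first on line %d)" % (label, key, lines[0])))
    return sorted(findings)

if __name__ == "__main__":
    for lineno, issue in audit_passwd(SAMPLE):
        print("line %d: %s" % (lineno, issue))
```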