Date: Thu, 23 Jan 2003 18:37:07 -0800 From: Terry Lambert <tlambert2@mindspring.com> To: Max Khon <fjoe@iclub.nsu.ru> Cc: Craig Rodrigues <rodrigc@attbi.com>, freebsd-current@freebsd.org Subject: Re: pw Message-ID: <3E30A6D3.85A818C4@mindspring.com> References: <20030124022538.C36624@iclub.nsu.ru> <20030123205418.GA41199@attbi.com> <20030124030942.A37794@iclub.nsu.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Max Khon wrote: > most messages were related to adduser.pl. adduser.pl has gone > and adduser.sh now uses pw directly > > as for login class and group names -- there is nothing wrong with '$' > in them but if anyone would be uncomfortable with it why not commit > the patch that someone (Terry?) suggested that filters out '$' from > login class and group names? For the same reason that "adduser" was part of the discussion. The main reason behind my patch was to minimize the amount of weird-ass characters someone writing a script to call the "pw" program would have to deal with escaping, quoting, or otherwise beating into submission so that they would not be interpreted by the sh, perl, PHP, Python, Eiffel, or whatever interpreter that was doing the calling. The problem is that, by default, when a user is created, a group with the same name is created. Therefore the patch I proposed is not quite correct, in that it disallows it in both group names and login classes, rather than just login classes. The end result is that the standard tools would need to create both. This is a problem in the "adduser" case, and other cases, because "$" is a significant character to the scripts, and therefore a lot of care would have to be done in order to quote the use of it in both user names and passwords. In truth, the group name should not be alowed to default, and it should instead be set to something like "samba" or "sambashare", instead of equalling the password file entry. Given the mapping between UNIX and SMB permissions, in fact, each share should use its own group, too (probably with the stick bit set for proper inheritance). In any case, the other major point in that thread is that the "$" should be implied by the Samba source code, and one of the people monitoring the thread, involved in the Samba project, was going to take that suggestion to the Samba people for them to act on it; and that was where the thread left off. So the question is: what has Samba done about implying the "$", and stripping it off then end of the user name before trying to compare the username and password in the host user database? -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3E30A6D3.85A818C4>