From owner-freebsd-current@FreeBSD.ORG Wed Nov 21 16:27:29 2012 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 4056F7BE; Wed, 21 Nov 2012 16:27:29 +0000 (UTC) (envelope-from mjguzik@gmail.com) Received: from mail-wi0-f178.google.com (mail-wi0-f178.google.com [209.85.212.178]) by mx1.freebsd.org (Postfix) with ESMTP id 3DB6C8FC0C; Wed, 21 Nov 2012 16:27:28 +0000 (UTC) Received: by mail-wi0-f178.google.com with SMTP id hm6so1734822wib.13 for ; Wed, 21 Nov 2012 08:27:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:cc:subject:message-id:mail-followup-to:references :mime-version:content-type:content-disposition:in-reply-to :user-agent; bh=5PlpL4+yBcok7QUnKVJyqULcgrfzoHdiDiy/3Psd3w8=; b=cv6H7t6E+YsJ1YLaJT4TMQFl8jQRwh7+kJ5LbTmKOTZQjFfc/cEYQ6+Ogfmxf37nat zGaT+hAbnVz4vjUumGN+eJU47l8jTg7wOR92Vvsxq4yR8wiyqAlGBCRn2681dJzxnLyH 94JAfj5w5vH/tvRr9Fa1jNuntqGmTGyfMYa9xCgSG9yUk/jOz5+QWEKiuh+ARLRpZBJn y5ZsWqUimhbt+Dc+p+OkJWKfv/NjLzL11rlyxrLq1qbfF+KiZ/ZnyeXYkOeKbwn6aJvU //J3CfmxJffDNtCn+nn1QE/olHgX//WOr3GXrsFPWdtcTuIbKWE8r0xexoC+g42BRES8 KOYA== Received: by 10.216.227.132 with SMTP id d4mr3107879weq.33.1353515247245; Wed, 21 Nov 2012 08:27:27 -0800 (PST) Received: from dft-labs.eu (n1x0n-1-pt.tunnel.tserv5.lon1.ipv6.he.net. [2001:470:1f08:1f7::2]) by mx.google.com with ESMTPS id bn7sm4480wib.8.2012.11.21.08.27.25 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 21 Nov 2012 08:27:26 -0800 (PST) Date: Wed, 21 Nov 2012 17:27:18 +0100 From: Mateusz Guzik To: Jaakko Heinonen Subject: Re: pw keeps setting /etc/group to 0600 Message-ID: <20121121162718.GA10768@dft-labs.eu> Mail-Followup-To: Mateusz Guzik , Jaakko Heinonen , Ryan Stone , FreeBSD Current , bapt@freebsd.org References: <20121119222843.GB22292@dft-labs.eu> <20121121154542.GA1849@a91-153-116-96.elisa-laajakaista.fi> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20121121154542.GA1849@a91-153-116-96.elisa-laajakaista.fi> User-Agent: Mutt/1.5.20 (2009-06-14) Cc: bapt@freebsd.org, FreeBSD Current , Ryan Stone X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Nov 2012 16:27:29 -0000 On Wed, Nov 21, 2012 at 05:45:43PM +0200, Jaakko Heinonen wrote: > On 2012-11-19, Mateusz Guzik wrote: > > First, pw should not fail if other instance is running, it should wait > > instead (think of parallel batch scripts adding some users/groups). > > > > Second, current code has a race: > > lockfd = open(group_file, O_RDONLY, 0); > > if (lockfd < 0 || fcntl(lockfd, F_SETFD, 1) == -1) > > err(1, "%s", group_file); > > if (flock(lockfd, LOCK_EX|LOCK_NB) == -1) { > > [..] > > gr_copy(pfd, tfd, gr, old_gr); /* copy from groupfile to tempfile */ > > [..] > > rename(tempfile,groupfile); > > Hmm, could using the O_EXLOCK flag for open() instead of flock() help here? > Yes, this would fix the race. But the problem of pw exiting due to other process holding the lock remains. And I think that fixing it will require holding a lock over whole time pw is running so that we have stable snapshot of user base at least in regard of local files. One could create one lock, say /etc/.pw.lock, that would be used to synchronize any changes to /etc/master.passwd, /etc/group and whatnot. And then there is this API issue (but maybe this is just me nitpicking). -- Mateusz Guzik