Date: Mon, 12 Nov 2001 19:02:15 -0800
From: "Crist J. Clark" <cristjc@earthlink.net>
To: John Baldwin <jhb@FreeBSD.org>
Cc: current@FreeBSD.org, Alexander Leidinger <Alexander@Leidinger.net>
Subject: Re: daily run output & passwd diff
Message-ID: <20011112190215.C45158@blossom.cjclark.org>
In-Reply-To: <XFMail.011112080837.jhb@FreeBSD.org>; from jhb@FreeBSD.org on Mon, Nov 12, 2001 at 08:08:37AM -0800
References: <20011110231511.G69195@blossom.cjclark.org> <XFMail.011112080837.jhb@FreeBSD.org>

On Mon, Nov 12, 2001 at 08:08:37AM -0800, John Baldwin wrote:
>
> On 11-Nov-01 Crist J. Clark wrote:
> > On Fri, Nov 09, 2001 at 02:55:55PM +0100, Alexander Leidinger wrote:
> >> Hi,
> >>
> >> I think the CVS tag shouldn't be interpreted as an entry which contains
> >> a password.
> >>
> >> ---snip---
> >> Backup passwd and group files:
> >>
> >> 1c1
> >> < # $FreeBSD:(password):09:07 peter Exp $
> >> ---
> >> > # $FreeBSD:(password):27:16 ache Exp $
> >> 16a17
> >> > www:(password):80:80::0:0:World Wide Web Owner:/nonexistent:/sbin/nologin
> >> Magelan.Leidinger.net group diffs:
> >> 1c1
> >> < # $FreeBSD: src/etc/group,v 1.21 2001/10/18 16:53:20 sheldonh Exp $
> >> ---
> >> > # $FreeBSD: src/etc/group,v 1.22 2001/10/25 03:27:16 ache Exp $
> >> 20a21
> >> > www:*:80:
> >> ---snip---
> >
> > Makes sense. No need to hide the revision number.
> >
> > Committed to -CURRENT. MFC 1 week.
> >
> > Index: 200.backup-passwd
> > ===================================================================
> > RCS file: /home/ncvs/src/etc/periodic/daily/200.backup-passwd,v
> > retrieving revision 1.8
> > diff -u -r1.8 200.backup-passwd
> > --- 200.backup-passwd 2000/09/14 17:19:10 1.8
> > +++ 200.backup-passwd 2001/11/11 07:09:49
> > @@ -42,7 +42,7 @@
> > [ $rc -lt 1 ] && rc=1
> > echo "$host passwd diffs:"
> > diff $bak/master.passwd.bak /etc/master.passwd |\
> > - sed 's/^\([<>] [^:]*\):[^:]*:/\1:(password):/'
> > + sed 's/^\([<>] [^#][^:]*\):[^:]*:/\1:(password):/'
> > mv $bak/master.passwd.bak $bak/master.passwd.bak2
> > cp -p /etc/master.passwd $bak/master.passwd.bak || rc=3
> > fi
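Review bot: The `[^#]` added to the sed pattern on the `+` line skips every diff line whose first character after `< ` or `> ` is `#`, not only the `$FreeBSD$` tag line, so a commented-out master.passwd entry that still carries its hash would be printed unmasked in the daily output. Consider exempting only the revision-tag line (match `$FreeBSD` explicitly), or masking only lines that have the full colon-separated master.passwd field layout, so that a leading `#` does not decide whether the second field is hidden.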
>
> What if someone comments out a line in the password file of a user? Then this
> won't hide that password. When this originally went in, it took a long while
> to get a sed line people were happy with. Replacing the version number is a
> minor thing, but getting it to work perfectly may be a bit difficult. If you
> do this, I'd rather you make sed handle the $FreeBSD$ case as a completely
> separate case, so something like:
>
> sed -e '/\$FreeBSD\$/; //s/blah blah/blah/' or some such (I forget how sed does
> multiple expressions).

I thought about this, but then thought, "Who ever just comments out
password entries without clearing the password too?" I guess the
answer is, some people do.

How about,

  sed -E 's/^([<>] [^:]*):[^:]*:(([0-9]+:){2}[^:]*(:[0-9]+){2}(:[^:]*){3}$)/\1:(password):\2/'

Which only touches entries that match the password format exactly, but
includes commented out ones?

--
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
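
The following is an added example, not part of the original message or of the FreeBSD periodic script: it runs the three sed filters discussed in this thread over a constructed passwd diff and reports which ones let a hash through and which ones leave the revision tag readable. The sample lines (revision values, the user "alice", the hash) and the function names are assumptions made for the example; the full-format expression is written with a `:` after `(password)` so the uid field stays delimited.

```shell
#!/bin/sh
# Constructed `diff master.passwd.bak /etc/master.passwd` output. The revision
# tag values, the user "alice" and the hash are made up for this example.
sample_diff() {
cat <<'EOF'
1c1
< # $FreeBSD: src/etc/master.passwd,v 0.0 2001/01/01 00:00:00 nobody Exp $
---
> # $FreeBSD: src/etc/master.passwd,v 0.1 2001/01/02 00:00:00 nobody Exp $
16a17,18
> www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/sbin/nologin
> #alice:$1$salt$NotARealHash:1001:1001::0:0:Alice:/home/alice:/bin/sh
EOF
}

# Filter before the patch: masks field 2 of any diff line with two colons.
mask_original() { sed 's/^\([<>] [^:]*\):[^:]*:/\1:(password):/'; }

# Filter from the patch: same, but skips lines that start with '#'.
mask_patched() { sed 's/^\([<>] [^#][^:]*\):[^:]*:/\1:(password):/'; }

# Filter proposed in the reply: masks field 2 only when the line has the full
# ten-field master.passwd layout, whether or not it is commented out.
mask_strict() {
  sed -E 's/^([<>] [^:]*):[^:]*:(([0-9]+:){2}[^:]*(:[0-9]+){2}(:[^:]*){3}$)/\1:(password):\2/'
}

# leaks FILTER: succeeds if the constructed hash survives the filter.
leaks() { sample_diff | "$1" | grep -qF 'NotARealHash'; }

# keeps_tag FILTER: succeeds if a revision tag line passes through unmodified.
keeps_tag() { sample_diff | "$1" | grep -qF 'master.passwd,v 0.0'; }

for f in mask_original mask_patched mask_strict; do
  if leaks "$f"; then hash="LEAKED"; else hash="masked"; fi
  if keeps_tag "$f"; then tag="intact"; else tag="mangled"; fi
  printf '%-14s hash: %-7s revision tag: %s\n' "$f" "$hash" "$tag"
done
```
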
