Date: Mon, 12 Nov 2001 22:19:31 -0800 (PST) From: John Baldwin <jhb@FreeBSD.org> To: "Crist J. Clark" <cristjc@earthlink.net> Cc: Alexander Leidinger <Alexander@Leidinger.net>, current@FreeBSD.org Subject: Re: daily run output & passwd diff Message-ID: <XFMail.011112221931.jhb@FreeBSD.org> In-Reply-To: <20011112190215.C45158@blossom.cjclark.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 13-Nov-01 Crist J. Clark wrote:
>> What if someone comments out a line in the password file of a user? Then
>> this
>> won't hide that password. When this originally went in, it took a long
>> while
>> to get a sed line people were happy with. Replacing the version number is a
>> minor thing, but getting it to work perfectly may be a bit difficult. If
>> you
>> do this, I'd rather you make sed handle the $FreeBSD$ case as a completely
>> separate case, so something like:
>>
>> sed -e '/\$FreeBSD\$/; //s/blah blah/blah/' or some such (I forget how sed
>> does
>> multiple expressions).
>
> I thought about this, but then thought, "Who ever just comments out
> password entries without clearing the password too?" I guess the
> answer is, some people do.
>
> How about,
>
> sed -E 's/^([<>]
> [^:]*):[^:]*:(([0-9]+:){2}[^:]*(:[0-9]+){2}(:[^:]*){3}$)/\1:(password)\2/'
>
> Which only touches entries that match the password format exactly, but
> includes commented out ones?
That's fine I suppose. I would rather err on the side of caution and just
exclude the $FreeBSD$ line and perform the change on all other lines by
default. You never know what weird contortion of a password file someone
might be using.
--
John Baldwin <jhb@FreeBSD.org> -- http://www.FreeBSD.org/~jhb/
PGP Key: http://www.baldwin.cx/~john/pgpkey.asc
"Power Users Use the Power to Serve!" - http://www.FreeBSD.org/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.011112221931.jhb>