From owner-freebsd-current  Mon Nov 12 22:19:44 2001
Delivered-To: freebsd-current@freebsd.org
Received: from mail5.speakeasy.net (mail5.speakeasy.net [216.254.0.205])
	by hub.freebsd.org (Postfix) with ESMTP id 06D4237B405
	for <current@FreeBSD.org>; Mon, 12 Nov 2001 22:19:38 -0800 (PST)
Received: (qmail 8093 invoked from network); 13 Nov 2001 06:19:36 -0000
Received: from unknown (HELO laptop.baldwin.cx) ([64.81.54.73]) (envelope-sender <jhb@FreeBSD.org>)
          by mail5.speakeasy.net (qmail-ldap-1.03) with SMTP
          for <cristjc@earthlink.net>; 13 Nov 2001 06:19:36 -0000
Message-ID: <XFMail.011112221931.jhb@FreeBSD.org>
X-Mailer: XFMail 1.4.0 on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
In-Reply-To: <20011112190215.C45158@blossom.cjclark.org>
Date: Mon, 12 Nov 2001 22:19:31 -0800 (PST)
From: John Baldwin <jhb@FreeBSD.org>
To: "Crist J. Clark" <cristjc@earthlink.net>
Subject: Re: daily run output & passwd diff
Cc: Alexander Leidinger <Alexander@Leidinger.net>,
	current@FreeBSD.org
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG


On 13-Nov-01 Crist J. Clark wrote:
>> What if someone comments out a line in the password file of a user?  Then
>> this
>> won't hide that password.  When this originally went in, it took a long
>> while
>> to get a sed line people were happy with.  Replacing the version number is a
>> minor thing, but getting it to work perfectly may be a bit difficult.  If
>> you
>> do this, I'd rather you make sed handle the $FreeBSD$ case as a completely
>> separate case, so something like:
>> 
>> sed -e '/\$FreeBSD\$/; //s/blah blah/blah/' or some such (I forget how sed
>> does
>> multiple expressions).
> 
> I thought about this, but then thought, "Who ever just comments out
> password entries without clearing the password too?" I guess the
> answer is, some people do.
> 
> How about,
> 
>   sed -E 's/^([<>]
> [^:]*):[^:]*:(([0-9]+:){2}[^:]*(:[0-9]+){2}(:[^:]*){3}$)/\1:(password)\2/'
> 
> Which only touches entries that match the password format exactly, but
> includes commented out ones?

That's fine I suppose.  I would rather err on the side of caution and just
exclude the $FreeBSD$ line and perform the change on all other lines by
default.  You never know what weird contortion of a password file someone
might be using.

-- 

John Baldwin <jhb@FreeBSD.org> -- http://www.FreeBSD.org/~jhb/
PGP Key: http://www.baldwin.cx/~john/pgpkey.asc
"Power Users Use the Power to Serve!"  -  http://www.FreeBSD.org/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message