If you're the sysadmin for the host, then you should call the shots, and do what you think best. When the system breaks as a result of doing this, whose neck is on the line? How did they get the idea that someone could edit this file, let alone put comments in it? It's a rather absurd idea imo. I think this is probably simply the wrong solution to some problem. I don't believe you've told us what the problem is. If you do, perhaps someone here would think of a more appropriate solution. Shawn Badger wrote: > I agree that editing them by hand is a very bad idea, but I have some > people that insist on it and they above me in the Org chart. > > That being said some of those people want to include comments and such > in the files. I can not how ever just say no that is a stupid idea > without first having something to say why that is a stupid idea. > > I am working on the comments and blank lines first and then after they > get used to that I can work on the hand editing portion, but for now I > just need something solid other than poor practice. > > > > On Thu, Feb 4, 2010 at 10:46 AM, Craig White > wrote: > > On Thu, 2010-02-04 at 10:03 -0700, Shawn Badger wrote: > > Somebody did mention security to me as well, but when I asked them to > > elaborate on it they couldn't. > > I agree you can maintain a separate file for the comments, but I am > > looking for something that would say if you have blank line lines in > > in the /etc/passwd or /etc/group file this can happen. And if you > have > > #comments in them this can happen, but so far I have not been able to > > find anything like that. > > > > In order to defend my stance, I need to be able to say this will > > happen if you do that. > ---- > It seems to me that beyond... > > # Do NOT hand edit these files under penalties that might include > # death, getting your hands chopped off or just termination. > > seems to be unnecessary as hand editing passwd/group/shadow files is > fraught with potentially devastating possibilities and so many tools are > available to handle the job. > > Not to mention that a system like LDAP is entirely capable of handling > comments. > > But in fairness, I think there is a lot of context that you are not > sharing with us that would probably be meaningful to the discussion. > > Craig > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > -- -Eric 'shubes' --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss