I always do a CYA and you are also correct in that I can explain much more than I already have. I just need something other than it is "not a good practice" to change their minds. I need, if you insert comments or blank lines it will break this or cause this.

Here is kind of an abstract as to what the file looks like:

/etc/passwd

root:x:0:0:root:/root:/bin/bash
# service accounts below
service1:x:5000:5000:servicea:/home/service1:/bin/bash

and the /etc/group file has similar white space and comments in it. Obviously I left out much of what is really in there, but the blank lines and comments represent what they look like.

On Thu, Feb 4, 2010 at 12:30 PM, Eric Shubert wrote:
> If you end up having to add comments to a passwd file, my best advice is
> to CYA. Chances are pretty good that doing so will come back to bite.
>
> I take it you're not at liberty to explain what the problem is this will
> allegedly solve.
>
> Shawn Badger wrote:
> > I am the primary sys admin of the box, but the problem is that there are
> > other sys admins that say I have to do things this way, I am trying to
> > say we need to be doing it this way.
> > I would love to say that will be done my way, but without some sort of
> > justification as to why this way is better than that way I can't get them
> > to change.
> >
> > I'm sure I'm not the only one that has had to play these office politics
> > games before to get someone else to come to see what the current best
> > practices are. Yes, it is sad that you have to do these things, but that
> > is the world I work in.
> >
> > On Thu, Feb 4, 2010 at 11:37 AM, Eric Shubert wrote:
> >
> >     If you're the sysadmin for the host, then you should call the shots, and
> >     do what you think best. When the system breaks as a result of doing
> >     this, whose neck is on the line?
> >
> >     How did they get the idea that someone could edit this file, let alone
> >     put comments in it? It's a rather absurd idea imo.
> >
> >     I think this is probably simply the wrong solution to some problem. I
> >     don't believe you've told us what the problem is. If you do, perhaps
> >     someone here would think of a more appropriate solution.
> >
> >     Shawn Badger wrote:
> >     > I agree that editing them by hand is a very bad idea, but I have some
> >     > people that insist on it and they are above me in the Org chart.
> >     >
> >     > That being said, some of those people want to include comments and such
> >     > in the files. I cannot, however, just say no that is a stupid idea
> >     > without first having something to say why that is a stupid idea.
> >     >
> >     > I am working on the comments and blank lines first and then after they
> >     > get used to that I can work on the hand editing portion, but for now I
> >     > just need something solid other than poor practice.
> >     >
> >     > On Thu, Feb 4, 2010 at 10:46 AM, Craig White wrote:
> >     >
> >     >     On Thu, 2010-02-04 at 10:03 -0700, Shawn Badger wrote:
> >     >     > Somebody did mention security to me as well, but when I asked them to
> >     >     > elaborate on it they couldn't.
> >     >     > I agree you can maintain a separate file for the comments, but I am
> >     >     > looking for something that would say if you have blank lines in
> >     >     > the /etc/passwd or /etc/group file this can happen. And if you have
> >     >     > #comments in them this can happen, but so far I have not been able to
> >     >     > find anything like that.
> >     >     >
> >     >     > In order to defend my stance, I need to be able to say this will
> >     >     > happen if you do that.
> >     >     ----
> >     >     It seems to me that beyond...
> >     >
> >     >     # Do NOT hand edit these files under penalties that might include
> >     >     # death, getting your hands chopped off or just termination.
> >     >
> >     >     seems to be unnecessary as hand editing passwd/group/shadow files is
> >     >     fraught with potentially devastating possibilities and so many tools are
> >     >     available to handle the job.
> >     >
> >     >     Not to mention that a system like LDAP is entirely capable of handling
> >     >     comments.
> >     >
> >     >     But in fairness, I think there is a lot of context that you are not
> >     >     sharing with us that would probably be meaningful to the discussion.
> >     >
> >     >     Craig
> >     >
> >     >     --
> >     >     This message has been scanned for viruses and
> >     >     dangerous content by MailScanner, and is
> >     >     believed to be clean.
> >     >
> >     >     ---------------------------------------------------
> >     >     PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> >     >     To subscribe, unsubscribe, or to change your mail settings:
> >     >     http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
> >     --
> >     -Eric 'shubes'
>
> --
> -Eric 'shubes'
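
Added example, not part of the mailing-list thread: passwd(5) defines one entry per line with seven colon-separated fields, so a comment or blank line is not a valid entry and any consumer that assumes that format can fail on it. The sketch below lints passwd-format text and includes `naive_uid_map`, a hypothetical stand-in for a script that splits every line on ":" without skipping non-entry lines; the sample is constructed from the abstract in the post, with a blank line added.

```python
"""Lint passwd-format text for lines that are not valid passwd(5) entries."""

# Constructed sample modelled on the abstract in the post (not a real system file).
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash

# service accounts below
service1:x:5000:5000:servicea:/home/service1:/bin/bash
"""

FIELDS = ("name", "password", "uid", "gid", "gecos", "home", "shell")


def lint_passwd(text):
    """Return (entries, problems); problems is a list of (line_no, reason)."""
    entries, problems, seen = [], [], set()
    for no, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            problems.append((no, "blank line"))
            continue
        if line.lstrip().startswith("#"):
            problems.append((no, "comment line"))
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            problems.append((no, f"expected 7 fields, got {len(parts)}"))
            continue
        rec = dict(zip(FIELDS, parts))
        numeric = all(v.isascii() and v.isdigit() for v in (rec["uid"], rec["gid"]))
        if not rec["name"]:
            problems.append((no, "empty login name"))
        elif rec["name"] in seen:
            problems.append((no, f"duplicate login name {rec['name']!r}"))
        elif not numeric:
            problems.append((no, "non-numeric UID or GID"))
        else:
            seen.add(rec["name"])
            entries.append(rec)
    return entries, problems


def naive_uid_map(text):
    """Hypothetical strict consumer: assumes every line is a 7-field entry."""
    return {f[0]: int(f[2]) for f in (l.split(":") for l in text.splitlines())}


if __name__ == "__main__":
    for no, reason in lint_passwd(SAMPLE)[1]:
        print(f"line {no}: {reason}")
```

Run against a copy of the real file, the linter lists every line a strict parser would trip over; `naive_uid_map` raises `IndexError` on the sample's blank line.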