If you're the sysadmin for the host, then you should call the shots, and
do what you think best. When the system breaks as a result of doing
this, whose neck is on the line?
How did they get the idea that someone could edit this file, let alone
put comments in it? It's a rather absurd idea imo.
I think this is probably simply the wrong solution to some problem. I
don't believe you've told us what the problem is. If you do, perhaps
someone here would think of a more appropriate solution.
Shawn Badger wrote:
> I agree that editing them by hand is a very bad idea, but I have some
> people that insist on it and they above me in the Org chart.
>
> That being said some of those people want to include comments and such
> in the files. I can not how ever just say no that is a stupid idea
> without first having something to say why that is a stupid idea.
>
> I am working on the comments and blank lines first and then after they
> get used to that I can work on the hand editing portion, but for now I
> just need something solid other than poor practice.
>
>
>
> On Thu, Feb 4, 2010 at 10:46 AM, Craig White <craigwhite@azapple.com
> <mailto:craigwhite@azapple.com>> wrote:
>
> On Thu, 2010-02-04 at 10:03 -0700, Shawn Badger wrote:
> > Somebody did mention security to me as well, but when I asked them to
> > elaborate on it they couldn't.
> > I agree you can maintain a separate file for the comments, but I am
> > looking for something that would say if you have blank line lines in
> > in the /etc/passwd or /etc/group file this can happen. And if you
> have
> > #comments in them this can happen, but so far I have not been able to
> > find anything like that.
> >
> > In order to defend my stance, I need to be able to say this will
> > happen if you do that.
> ----
> It seems to me that beyond...
>
> # Do NOT hand edit these files under penalties that might include
> # death, getting your hands chopped off or just termination.
>
> seems to be unnecessary as hand editing passwd/group/shadow files is
> fraught with potentially devastating possibilities and so many tools are
> available to handle the job.
>
> Not to mention that a system like LDAP is entirely capable of handling
> comments.
>
> But in fairness, I think there is a lot of context that you are not
> sharing with us that would probably be meaningful to the discussion.
>
> Craig
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> <mailto:PLUG-discuss@lists.plug.phoenix.az.us>
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
--
-Eric 'shubes'
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss