Re: comments in /eetc/passwd and group

Top Page
Attachments:
Message as email
+ (text/plain)
+ (text/html)
+ (text/plain)
Delete this message
Reply to this message
Author: Shawn Badger
Date:  
To: Main PLUG discussion list
Subject: Re: comments in /eetc/passwd and group
I always do a CYA and you are also correct in that I can explain much more
than I already have.
I just need something other than it is "not a good practice" to change their
minds. I need, if you insert comments or blank lines it will break this or
cause this.

Here is kind of an abstract as to what the file looks like:
/etc/passwd
root:x:0:0:root:/root:/bin/bash


# service accounts below
service1:x:5000:5000:servicea:/home/service1:/bin/bash


and the /etc/group file has similar white space and comments in it.


obviously I left out much of what is really in there, but the blank lines
and comments represent what they look like.




On Thu, Feb 4, 2010 at 12:30 PM, Eric Shubert <> wrote:

> If you end up having to add comments to a passwd file, my best advice is
> to CYA. Chances are pretty good that doing so will come back to bite.
>
> I take it you're not at liberty to explain what the problem is this will
> allegedly solve.
>
> Shawn Badger wrote:
> > I am the primary sys admin of the box, but the problem is that there is
> > other sys admins that say I have to do things this way, I am trying to
> > say we need to be doing it this way.
> > I would love to say that will be done my way, but without some sort of
> > justifcation as to whe this way is better than that way I can't get them
> > to change.
> >
> > I'm sure I'm not the only one that has had to play these office politics
> > games before to get some one else to come to see what the current best
> > practices are. Yes, it is sad that you have to do these things, but that
> > is the world I work in.
> >
> >
> >
> > On Thu, Feb 4, 2010 at 11:37 AM, Eric Shubert <
> > <mailto:ejs@shubes.net>> wrote:
> >
> >     If you're the sysadmin for the host, then you should call the shots,
> and
> >     do what you think best. When the system breaks as a result of doing
> >     this, whose neck is on the line?

> >
> >     How did they get the idea that someone could edit this file, let
> alone
> >     put comments in it? It's a rather absurd idea imo.

> >
> >     I think this is probably simply the wrong solution to some problem. I
> >     don't believe you've told us what the problem is. If you do, perhaps
> >     someone here would think of a more appropriate solution.

> >
> >     Shawn Badger wrote:
> >      > I agree that editing them by hand is a very bad idea, but I have
> some
> >      > people that insist on it and they above me in the Org chart.
> >      >
> >      > That being said some of those people want to include comments and
> >     such
> >      > in the files. I can not how ever just say no that is a stupid idea
> >      > without first having something to say why that is a stupid idea.

> >      >
> >      > I am working on the comments and blank lines first and then after
> >     they
> >      > get used to that I can work on the hand editing portion, but for
> >     now I
> >      > just need something solid other than poor practice.

> >      >

> >      >

> >      >
> >      > On Thu, Feb 4, 2010 at 10:46 AM, Craig White
> >     < <mailto:craigwhite@azapple.com>
> >      > <mailto:craigwhite@azapple.com <mailto:craigwhite@azapple.com>>>
> >     wrote:

> >      >
> >      >     On Thu, 2010-02-04 at 10:03 -0700, Shawn Badger wrote:
> >      >      > Somebody did mention security to me as well, but when I
> >     asked them to
> >      >      > elaborate on it they couldn't.
> >      >      > I agree you can maintain a separate file for the comments,
> >     but I am
> >      >      > looking for something that would say if you have blank
> >     line lines in
> >      >      > in the /etc/passwd or /etc/group file this can happen. And
> >     if you
> >      >     have
> >      >      > #comments in them this can happen, but so far I have not
> >     been able to
> >      >      > find anything like that.

> >      >      >
> >      >      > In order to defend my stance, I need to be able to say
> >     this will
> >      >      > happen if you do that.
> >      >     ----
> >      >     It seems to me that beyond...

> >      >
> >      >     # Do NOT hand edit these files under penalties that might
> include
> >      >     # death, getting your hands chopped off or just termination.

> >      >
> >      >     seems to be unnecessary as hand editing passwd/group/shadow
> >     files is
> >      >     fraught with potentially devastating possibilities and so
> >     many tools are
> >      >     available to handle the job.

> >      >
> >      >     Not to mention that a system like LDAP is entirely capable of
> >     handling
> >      >     comments.

> >      >
> >      >     But in fairness, I think there is a lot of context that you
> >     are not
> >      >     sharing with us that would probably be meaningful to the
> >     discussion.

> >      >
> >      >     Craig

> >      >

> >      >
> >      >     --
> >      >     This message has been scanned for viruses and
> >      >     dangerous content by MailScanner, and is
> >      >     believed to be clean.

> >      >
> >      >     ---------------------------------------------------
> >      >     PLUG-discuss mailing list -
> >     
> >     <mailto:PLUG-discuss@lists.plug.phoenix.az.us>
> >      >     <mailto:PLUG-discuss@lists.plug.phoenix.az.us
> >     <mailto:PLUG-discuss@lists.plug.phoenix.az.us>>
> >      >     To subscribe, unsubscribe, or to change your mail settings:
> >      >     http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

> >      >

> >      >

> >
> >
> >     --
> >     -Eric 'shubes'

> >
> >     ---------------------------------------------------
> >     PLUG-discuss mailing list - 
> >     <mailto:PLUG-discuss@lists.plug.phoenix.az.us>
> >     To subscribe, unsubscribe, or to change your mail settings:
> >     http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

> >
> >
>
>
> --
> -Eric 'shubes'
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss