I always do a CYA and you are also correct in that I can explain much more
than I already have.
I just need something other than it is "not a good practice" to change their
minds. I need, if you insert comments or blank lines it will break this or
cause this.
Here is kind of an abstract as to what the file looks like:
/etc/passwd
root:x:0:0:root:/root:/bin/bash
# service accounts below
service1:x:5000:5000:servicea:/home/service1:/bin/bash
and the /etc/group file has similar white space and comments in it.
obviously I left out much of what is really in there, but the blank lines
and comments represent what they look like.
On Thu, Feb 4, 2010 at 12:30 PM, Eric Shubert <
ejs@shubes.net> wrote:
> If you end up having to add comments to a passwd file, my best advice is
> to CYA. Chances are pretty good that doing so will come back to bite.
>
> I take it you're not at liberty to explain what the problem is this will
> allegedly solve.
>
> Shawn Badger wrote:
> > I am the primary sys admin of the box, but the problem is that there is
> > other sys admins that say I have to do things this way, I am trying to
> > say we need to be doing it this way.
> > I would love to say that will be done my way, but without some sort of
> > justifcation as to whe this way is better than that way I can't get them
> > to change.
> >
> > I'm sure I'm not the only one that has had to play these office politics
> > games before to get some one else to come to see what the current best
> > practices are. Yes, it is sad that you have to do these things, but that
> > is the world I work in.
> >
> >
> >
> > On Thu, Feb 4, 2010 at 11:37 AM, Eric Shubert <ejs@shubes.net
> > <mailto:ejs@shubes.net>> wrote:
> >
> > If you're the sysadmin for the host, then you should call the shots,
> and
> > do what you think best. When the system breaks as a result of doing
> > this, whose neck is on the line?
> >
> > How did they get the idea that someone could edit this file, let
> alone
> > put comments in it? It's a rather absurd idea imo.
> >
> > I think this is probably simply the wrong solution to some problem. I
> > don't believe you've told us what the problem is. If you do, perhaps
> > someone here would think of a more appropriate solution.
> >
> > Shawn Badger wrote:
> > > I agree that editing them by hand is a very bad idea, but I have
> some
> > > people that insist on it and they above me in the Org chart.
> > >
> > > That being said some of those people want to include comments and
> > such
> > > in the files. I can not how ever just say no that is a stupid idea
> > > without first having something to say why that is a stupid idea.
> > >
> > > I am working on the comments and blank lines first and then after
> > they
> > > get used to that I can work on the hand editing portion, but for
> > now I
> > > just need something solid other than poor practice.
> > >
> > >
> > >
> > > On Thu, Feb 4, 2010 at 10:46 AM, Craig White
> > <craigwhite@azapple.com <mailto:craigwhite@azapple.com>
> > > <mailto:craigwhite@azapple.com <mailto:craigwhite@azapple.com>>>
> > wrote:
> > >
> > > On Thu, 2010-02-04 at 10:03 -0700, Shawn Badger wrote:
> > > > Somebody did mention security to me as well, but when I
> > asked them to
> > > > elaborate on it they couldn't.
> > > > I agree you can maintain a separate file for the comments,
> > but I am
> > > > looking for something that would say if you have blank
> > line lines in
> > > > in the /etc/passwd or /etc/group file this can happen. And
> > if you
> > > have
> > > > #comments in them this can happen, but so far I have not
> > been able to
> > > > find anything like that.
> > > >
> > > > In order to defend my stance, I need to be able to say
> > this will
> > > > happen if you do that.
> > > ----
> > > It seems to me that beyond...
> > >
> > > # Do NOT hand edit these files under penalties that might
> include
> > > # death, getting your hands chopped off or just termination.
> > >
> > > seems to be unnecessary as hand editing passwd/group/shadow
> > files is
> > > fraught with potentially devastating possibilities and so
> > many tools are
> > > available to handle the job.
> > >
> > > Not to mention that a system like LDAP is entirely capable of
> > handling
> > > comments.
> > >
> > > But in fairness, I think there is a lot of context that you
> > are not
> > > sharing with us that would probably be meaningful to the
> > discussion.
> > >
> > > Craig
> > >
> > >
> > > --
> > > This message has been scanned for viruses and
> > > dangerous content by MailScanner, and is
> > > believed to be clean.
> > >
> > > ---------------------------------------------------
> > > PLUG-discuss mailing list -
> > PLUG-discuss@lists.plug.phoenix.az.us
> > <mailto:PLUG-discuss@lists.plug.phoenix.az.us>
> > > <mailto:PLUG-discuss@lists.plug.phoenix.az.us
> > <mailto:PLUG-discuss@lists.plug.phoenix.az.us>>
> > > To subscribe, unsubscribe, or to change your mail settings:
> > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> > >
> > >
> >
> >
> > --
> > -Eric 'shubes'
> >
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> > <mailto:PLUG-discuss@lists.plug.phoenix.az.us>
> > To subscribe, unsubscribe, or to change your mail settings:
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
> >
>
>
> --
> -Eric 'shubes'
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)