comments in /etc/passwd and group

Eric Shubert ejs at shubes.net
Thu Feb 4 11:37:58 MST 2010


If you're the sysadmin for the host, then you should call the shots, and 
do what you think best. When the system breaks as a result of doing 
this, whose neck is on the line?

How did they get the idea that someone could edit this file, let alone 
put comments in it? It's a rather absurd idea imo.

I think this is probably simply the wrong solution to some problem. I 
don't believe you've told us what the problem is. If you do, perhaps 
someone here would think of a more appropriate solution.

Shawn Badger wrote:
> I agree that editing them by hand is a very bad idea, but I have some 
> people that insist on it and they are above me in the Org chart.
> 
> That being said, some of those people want to include comments and such 
> in the files. I cannot, however, just say no that is a stupid idea 
> without first having something to say why that is a stupid idea.
> 
> I am working on the comments and blank lines first and then after they 
> get used to that I can work on the hand editing portion, but for now I 
> just need something solid other than poor practice.
> 
> 
> 
> On Thu, Feb 4, 2010 at 10:46 AM, Craig White <craigwhite at azapple.com> wrote:
> 
>     On Thu, 2010-02-04 at 10:03 -0700, Shawn Badger wrote:
>      > Somebody did mention security to me as well, but when I asked them to
>      > elaborate on it they couldn't.
>      > I agree you can maintain a separate file for the comments, but I am
>      > looking for something that would say if you have blank lines in
>      > the /etc/passwd or /etc/group file this can happen. And if you have
>      > #comments in them this can happen, but so far I have not been able to
>      > find anything like that.
>      >
>      > In order to defend my stance, I need to be able to say this will
>      > happen if you do that.
>     ----
>     It seems to me that beyond...
> 
>     # Do NOT hand edit these files under penalties that might include
>     # death, getting your hands chopped off or just termination.
> 
>     seems to be unnecessary as hand editing passwd/group/shadow files is
>     fraught with potentially devastating possibilities and so many tools are
>     available to handle the job.
> 
>     Not to mention that a system like LDAP is entirely capable of handling
>     comments.
> 
>     But in fairness, I think there is a lot of context that you are not
>     sharing with us that would probably be meaningful to the discussion.
> 
>     Craig
> 
> 


-- 
-Eric 'shubes'


