Comments in /etc/passwd

Randal L. Schwartz @ Stonehenge merlyn at intelob.biin.com
Sat Jan 7 07:48:22 AEST 1989 

In article <934 at ccncsu.ColoState.EDU>, steved at longs (Steve Dempsey) writes:
| In article <18759 at agate.BERKELEY.EDU> barn at paxton.ced.berkeley.edu (Gary Barnette) writes:
| >
| >	Can somone tell me if it is OK to have comments ( #... )
| >	in /etc/passwd. Passwd(5) doesn't tell me. Running
| >	BSD 4.2 version 3.2 on Suns.
| 
| I can't think of any stock 4.[23]/SunOS code that is likely to break.

I can think of one: passwd(1).  I don't have access to the source
(it's funny when vendors think that they have to lock up the source
from a contractor when I've been staring at the source since V6, but
that's another story), but I'm pretty sure that passwd(1) copies the
/etc/passwd file through a loop of:

  while (getpwent(&foo)) {
    if foo.pw_name = "the thing getting changed"
      muck with foo struct
    fprintf(newpwdfile, "%s:%s:%s...", foo.pw_name, foo.pw_passwd, ...);
  }

and if getpwent gets an error record, you get back a zeroed-out
structure.  Yuck.  That's what makes the famous:

  ::0:0:::

record that allows BSD's /bin/rsh to login as root with no password!
I think this has been fixed in the latest passwd(1)'s but I bet your
non-conforming entries will still get tossed the next time someone
changes their password.

| For my own utilities that might not be robust enough (:-) and anything else
| that may be lurking, I'd make the comment in the form of a legitimate passwd
| entry - something like this:
| 
|       #:*:-99:-99:*** comments go here ***:/:/nologinshell

I like this better.  Just make sure that the password is really bad,
and not null.  I don't think this would break anything.  (Of course,
if it does, y'all will be quick to tell me, eh?)
-- 
Randal L. Schwartz, Stonehenge Consulting Services (503)777-0095
on contract to BiiN Technical Information Services (for now :-),
in a former Intel building in Hillsboro, Oregon, USA.
<merlyn at intelob.biin.com> or ...!tektronix!inteloa[!intelob]!merlyn
SOME MAILERS REQUIRE <merlyn at intelob.intel.com> GRRRRR!
Standard disclaimer: I *am* my employer!

More information about the Comp.unix.questions mailing list