/etc/profile, mk[passwd|group|group_l_d] messages

Pierre A. Humblet Pierre.Humblet@ieee.org
Thu Aug 28 17:58:00 GMT 2003 

Igor Pechtchanski wrote:
> 
>
> > XXX echo "Your group name is currently \"mkpasswd_l_d\". This indicates that not all"
> > XXX echo "domain users and groups are listed in the "/etc/passwd and /etc/group files."
> > XXX echo "See the man pages for mkpasswd and mkgroup then, for example, run"
> > XXX echo "mkpasswd -l [-d] > /etc/passwd"
> > XXX echo "mkgroup  -l [-d] > /etc/group"
> 
> Umm, Pierre, don't you *need* to add "-d" to mkpasswd and mkgroup
> invocations to get the domain users into /etc/{passwd,group}?
> Furthermore, what if you only want the *current* domain user to be
> recognized?  Perhaps the above should be
> 
> XXXXX echo "See the man pages for mkpasswd and mkgroup then, for example, run"
> XXXXX echo "mkpasswd -l -d [-u yourUser] >> /etc/passwd"
> XXXXX echo "mkgroup  -l -d > /etc/group"

Oops, sure.

> Better yet, create temporary files in the current directory, allow writes
> to /etc/group, and restore the owner/mode afterwards, i.e.,
>         cp -p /etc/group group.mkgroup_l_d \
>         && chmod a+w /etc/group \
>         && sed -e 's/^mkgroup_l_d/mkgroup-l-d/' group.mkgroup_l_d > /etc/group \
>         && chmod --reference=group.mkgroup_l_d /etc/group \
>         && chown --reference=group.mkgroup_l_d /etc/group
>         rm -f group.mkgroup_l_d
> 
> This should work even if /etc is not writeable.

Hmm, good ideas but must watch for new failure modes.

For example my administrators restrict me severely on shared 
drives, even in my home directory :(
~> cp -p .bash_profile abcde
cp: preserving ownership for `abcde': Permission denied

So cp -p /etc/group group.mkgroup_l_d would fail if executed
in my home. Perhaps we should cd to /tmp or $TEMP or some 
safe location.  

Also chmod a+w might fail although the user has already write access.
Something like ( [ -w /etc/group ] || chmod a+w /etc/group ; )
would be safer.

Also, if the user has write access to /etc/group, the final
chown doesn't seem necessary based on the following experiment.
I am executing as a non privileged user != PHumblet.
$ ls -l test4      
--wx-wx-wx+   1 PHumblet Clearuse        0 Mar  3 11:34 test4
$ chmod a+w test4
chmod: changing permissions of `test4': Permission denied
$ echo hello > test4
$ ls -l test4
--wx-wx-wx+   1 PHumblet Clearuse        6 Aug 28 13:26 test4
So making a backup copy of /etc/group would only serve to
restore the modes. We could safely use those of /etc/passwd 
instead, avoiding the cp -p problem.

Also
$ rm test4
succeeds. So we may want to consider the case where /etc is writable
but /etc/group isn't (and owned by somebody else), which my original 
proposal allowed. Wrting maximally safe code consumes time,
I have to stop for now.

 
Pierre

More information about the Cygwin-apps mailing list