who the %^#$ is messing with /etc/passwd ??

Don Russell fedora at drussell.dnsalias.com
Sat Sep 27 07:13:17 UTC 2008 

On Fri, Sep 26, 2008 at 11:31 PM, Kam Leo <kam.leo at gmail.com> wrote:

> On Fri, Sep 26, 2008 at 10:58 PM, Don Russell
> <fedora at drussell.dnsalias.com> wrote:
> >
> >
> > On Thu, Sep 25, 2008 at 4:56 AM, Bill Crawford <
> billcrawford1970 at gmail.com>
> > wrote:
> >>
> >> On Thursday 25 September 2008 12:41:13 Brian Millett wrote:
> >>
> >> > So the password field has changed from x to *  ????
> >> >
> >> > I know that that means look in /etc/shadow for the password, but what
> >> > inconsistancy will the older, established users find ??
> >>
> >> 'x' means look in /etc/shadow, '*' is one of several ways of indicating
> >> "no
> >> password" as in you can't log in, rather than "blank password" which
> lets
> >> all
> >> log in without one. The .rpmnew is the "unconverted" form, if you run
> >> pwunconv
> >> you'll see the same it /etc/passwd.
> >>
> >
> >
> > The /etc/passwd.rpmnew has 15 lines of userid stuff...
> > My /etc/passwd file has a lot more than that... and many I didn't even
> know
> > about.... (various system things ntpd blah blah blah)
> >
> > Am I supposed to take the users that *I* added to the system (via
> > system-config-users) and cut/paste those ones into the new one, changing
> the
> > x to an *? And thereby dropping all those other ones that are set to
> nologon
> > anyway?
> >
> > Does pwconv or pwunconv do this for me automatically? (The man file looks
> > great for people familiar with it... not so great for explaining what the
> > commands really do.) Shouldn't the update script have done this when it
> > updated setup?
> >
> >        The pwconv command creates shadow from passwd and an optionally
> > existing
> >        shadow.
> >
> >        The pwunconv command creates passwd from passwd and shadow and
> then
> >        removes shadow.
> >
> > So where does passwd.rpmnew come into play?
> >
> > pwconv ... and removes shadow... um, don't I need shadow?
> > ditto for pwunconv
> >
> > I don't get it, now I don't know what I have. :-(
> >
>
> The passwd  rpm specified the creation of /etc/passwd. Since your
> system already had an existing /etc/passwd file that spec instructions
> were written such that the old file was not overwritten. Your old file
> was protected and /etc/passwd.rpmnew was created. You should thank the
> packager for being diligent.
>

Yes, I understand that part of it. What I don't understand now is, what am I
supposed to do with passwd.rpmnew?

I don't mind manually merging in changes etc.. I do this all the time with
other config files that get created as .rpmnew or .rpmsave... I always go
and see what's changed....When I see this sort of thing for other packages
(sendmail for example) I compare the two config files and it's pretty
obvious they've added a new config option or something, but since I've
changed mine, they leave the new one as rpmnew... no problema, I merge my
changes in, restart sendmail, and presto keeno.. back in business with an
up-to-date system.

Right now, I'm left wondering what I'm supposed to do with these passwd
files. Since I didn't add all those items to passwd in the first place, and
now they are removed from passwd.rpmnew, does that mean those IDs are no
longer required, and they should be removed from my passwd file?

Every ID in passwd.rpmnew is already in passwd. But all IDs in passwd are
not in passwd.rpmnew.

As I asked before, am I supposed to drop those ones that were system
generated, and just now keep the ones in passwd.rpmnew + the specific users
*I* created?

Should I just change the "x" in passwd to * and call it a day?
And if that's the case, surely the update process could have done that...
but, it's not a big deal.

As for "thanking the packager for being diligent". Um, doing that sort of
"save the file stuff" is so basic, it pretty much goes with saying. But,
yes, I DO appreciate the efforts of everybody that contributes to Fedora
(and other open source stuff)... including myself.

To me, being "diligent" in this regard is making it obvious what needs to be
done next if the script didn't "do it all".
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20080927/1da3f796/attachment-0001.htm>

More information about the fedora-list mailing list