who the %^#$ is messing with /etc/passwd ??

Kam Leo kam.leo at gmail.com
Sat Sep 27 16:21:59 UTC 2008


On Sat, Sep 27, 2008 at 12:13 AM, Don Russell
<fedora at drussell.dnsalias.com> wrote:
>
>
> On Fri, Sep 26, 2008 at 11:31 PM, Kam Leo <kam.leo at gmail.com> wrote:
>>
>> On Fri, Sep 26, 2008 at 10:58 PM, Don Russell
>> <fedora at drussell.dnsalias.com> wrote:
>> >
>> >
>> > On Thu, Sep 25, 2008 at 4:56 AM, Bill Crawford
>> > <billcrawford1970 at gmail.com>
>> > wrote:
>> >>
>> >> On Thursday 25 September 2008 12:41:13 Brian Millett wrote:
>> >>
>> >> > So the password field has changed from x to *  ????
>> >> >
>> >> > I know that that means look in /etc/shadow for the password, but what
>> >> > inconsistancy will the older, established users find ??
>> >>
>> >> 'x' means look in /etc/shadow, '*' is one of several ways of indicating
>> >> "no
>> >> password" as in you can't log in, rather than "blank password" which
>> >> lets
>> >> all
>> >> log in without one. The .rpmnew is the "unconverted" form, if you run
>> >> pwunconv
>> >> you'll see the same it /etc/passwd.
>> >>
>> >
>> >
>> > The /etc/passwd.rpmnew has 15 lines of userid stuff...
>> > My /etc/passwd file has a lot more than that... and many I didn't even
>> > know
>> > about.... (various system things ntpd blah blah blah)
>> >
>> > Am I supposed to take the users that *I* added to the system (via
>> > system-config-users) and cut/paste those ones into the new one, changing
>> > the
>> > x to an *? And thereby dropping all those other ones that are set to
>> > nologon
>> > anyway?
>> >
>> > Does pwconv or pwunconv do this for me automatically? (The man file
>> > looks
>> > great for people familiar with it... not so great for explaining what
>> > the
>> > commands really do.) Shouldn't the update script have done this when it
>> > updated setup?
>> >
>> >        The pwconv command creates shadow from passwd and an optionally
>> > existing
>> >        shadow.
>> >
>> >        The pwunconv command creates passwd from passwd and shadow and
>> > then
>> >        removes shadow.
>> >
>> > So where does passwd.rpmnew come into play?
>> >
>> > pwconv ... and removes shadow... um, don't I need shadow?
>> > ditto for pwunconv
>> >
>> > I don't get it, now I don't know what I have. :-(
>> >
>>
>> The passwd  rpm specified the creation of /etc/passwd. Since your
>> system already had an existing /etc/passwd file that spec instructions
>> were written such that the old file was not overwritten. Your old file
>> was protected and /etc/passwd.rpmnew was created. You should thank the
>> packager for being diligent.
>
> Yes, I understand that part of it. What I don't understand now is, what am I
> supposed to do with passwd.rpmnew?
>
> I don't mind manually merging in changes etc.. I do this all the time with
> other config files that get created as .rpmnew or .rpmsave... I always go
> and see what's changed....When I see this sort of thing for other packages
> (sendmail for example) I compare the two config files and it's pretty
> obvious they've added a new config option or something, but since I've
> changed mine, they leave the new one as rpmnew... no problema, I merge my
> changes in, restart sendmail, and presto keeno.. back in business with an
> up-to-date system.
>
> Right now, I'm left wondering what I'm supposed to do with these passwd
> files. Since I didn't add all those items to passwd in the first place, and
> now they are removed from passwd.rpmnew, does that mean those IDs are no
> longer required, and they should be removed from my passwd file?
>
> Every ID in passwd.rpmnew is already in passwd. But all IDs in passwd are
> not in passwd.rpmnew.
>
> As I asked before, am I supposed to drop those ones that were system
> generated, and just now keep the ones in passwd.rpmnew + the specific users
> *I* created?
>
> Should I just change the "x" in passwd to * and call it a day?
> And if that's the case, surely the update process could have done that...
> but, it's not a big deal.
>
> As for "thanking the packager for being diligent". Um, doing that sort of
> "save the file stuff" is so basic, it pretty much goes with saying. But,
> yes, I DO appreciate the efforts of everybody that contributes to Fedora
> (and other open source stuff)... including myself.
>
> To me, being "diligent" in this regard is making it obvious what needs to be
> done next if the script didn't "do it all".

I don't think you comprehend what I wrote. You do not need
passwd.rpmnew.  You can delete it.

Search your system for .rpmnew files. You'll be surprised at how many
there are. Some will duplicate existing files, Those you can delete.
You should examine the others that differ to determine if you want to
replace the original file with  the .rpmnew version.




More information about the fedora-list mailing list