
Re: add user ?



On Fri, 21 Feb 1997, Sasha Sobol wrote:
> 
> I run a *clean* Redhat 4.0 on Intel.
> My passwd,login,rlogin,su,etc. programs came from 
> passwd-0.50-2.src.rpm and all do use pam.
> My adduser script came from adduser-1.2-1.src.rpm.
> I can see at least one bug in it 
> (even if i believe that this certain version of adduser uses the same
>   mechanism of /etc/passwd locking as other programs do)
> in adduser script we have:
> 
>   PLOCK="/etc/.pwd.lock"		# Standard method of locking the  password file.
>   #...
>   if [ -f $PLOCK ]; then
>   	echo "$PASSWD is locked.  Try again later." ; exit 1
>   fi
>   touch $PLOCK ;
> What will happen if two addusers run simultaneously?
> Look, if command will be successful for both processes!
> (then both will touch $PLOCK ... - we will have a mess in /etc/passwd file!)

Yes, there is a race condition here, one that is *very* difficult to get
rid of with shell scripts. To get this to work properly you do need an
atomic operation; in C this is done with an open(O_CREAT|O_EXCL) which
(excluding NFS) is atomic.

There really isn't such an operation in a shell script, though the chances
of this happening in reality are probably slim (depending on your
situation of course, it would be easy to *make* it happen if that was your
goal).

> 
> What is wrong with my adduser script?
> (of course, I can fix it by hand - use ln instead of touch for example)

How does this help? You still have a window of opportunity between the
check and the creation of the file. 

> Does anyone know what does pam do with /etc/passwd ?

Well, looking at the source in PAM 0.56/modules/pam_unix/pam_unix_passwd.c, 
I note that it is done wrong (in my view), it uses fcntl(/etc/.pwd.lock)
but it doesn't fail if /etc/.pwd.lock already exists (which means that it
won't honour adduser's lock). It ought to use open(O_CREAT|O_EXCL) but it
doesn't. This explains the behaviour you are seeing.

> Does it use any kind of lock ?
> How is /etc/group file locked ?

Where, in adduser? Using the same /etc/.pwd.lock file.

cheers, kinch
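
The open(O_CREAT|O_EXCL) locking described in the reply above, as an added example that is not part of the original message and is not code from adduser or PAM. The function names and the lock path are assumptions made for the demonstration; several processes race for one lock file and exactly one of them wins.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Take the lock. Returns 0 on success, -1 on failure; errno is EEXIST
 * when another process already holds it. */
int lock_acquire(const char *path)
{
    /* O_CREAT|O_EXCL makes "does it exist?" and "create it" a single
     * system call, so there is no window between check and creation. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    return close(fd);
}

/* Drop the lock by removing the file. */
int lock_release(const char *path)
{
    return unlink(path);
}

/* Fork n children that all try to take the lock at once and return
 * how many succeeded. With an atomic create the answer is always 1. */
int race_for_lock(const char *path, int n)
{
    int started = 0, winners = 0, status;

    unlink(path);                       /* start from an unlocked state */
    for (int i = 0; i < n; i++) {
        pid_t pid = fork();
        if (pid < 0)
            break;                      /* still reap the ones we started */
        if (pid == 0)
            _exit(lock_acquire(path) == 0 ? 0 : 1);
        started++;
    }
    for (int i = 0; i < started; i++)
        if (wait(&status) > 0 && WIFEXITED(status) && WEXITSTATUS(status) == 0)
            winners++;
    lock_release(path);
    return started == n ? winners : -1;
}

int main(void)
{
    /* Constructed path for the demo, not the real /etc/.pwd.lock. */
    printf("winners: %d\n", race_for_lock("/tmp/example.pwd.lock", 8));
    return 0;
}
```
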



