jmb
Regular Advisor

Are there lock files for passwd/useradd/usermod/userdel ?

We are going to handle some of these commands with scripts, but we don't want file conflicts, on the off chance someone else is also editing the same login.

I know about /etc/ptmp, but it appears the system does not use it with passwd. Are there any other lock files the system uses when modifying passwd or shadow?
A. Clay Stephenson
Acclaimed Contributor

Re: Are there lock files for passwd/useradd/usermod/userdel ?

The NIS passwd daemon (yppasswdd) uses /var/adm/ptmp; vipw uses /etc/ptmp and the man page of yppasswd also indicates that vipw uses /var/adm/ptmp as well. The bad news is that all of these are simply conventions. For example, nothing at all would prevent a user with suitable permissions from editing the passwd file with nothing more powerful than vi.
If it ain't broke, I can fix that.
Sridhar Bhaskarla
Honored Contributor

Re: Are there lock files for passwd/useradd/usermod/userdel ?

Hi,

From the tusc output, I found that it created two files, .pwd.lock and ptmp, under /etc and used lockf to lock them until it is done.

open("/etc/.pwd.lock", O_RDWR, 0177777) .................... = 3
lockf(3, 0x2, 0) ........................................... = 0
open("/etc/ptmp", O_WRONLY|O_CREAT|O_EXCL, 0) .............. = 5
setresuid(-1, 0, -1) ....................................... = 0
fchmod(5, 0444) ............................................ = 0
lockf(5, 0x2, 0) ........................................... = 0

But if you are using only passwd/useradd/usermod commands, then the system will take care of creating the locks.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Bill Hassell
Honored Contributor
Solution

Re: Are there lock files for passwd/useradd/usermod/userdel ?

Actually, it appears that all 4 programs do indeed reference /etc/ptmp, so as long as *EVERY* root user is FORBIDDEN to use vi (or ed or sed or emacs or other editors) on the passwd file (or /tcb files), then you'll be OK. A better solution would be to write your scripts with checks to see if another copy is already running. Hint:

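MYNAME=${0##*/}
# UNIX95= turns on the XPG4 ps options (-C, -o) for this one command on HP-UX.
# Ignore our own PID ($$) and any subshell whose parent is this script.
if UNIX95= ps -C "$MYNAME" -o pid= -o ppid= | awk -v me=$$ '$1 != me && $2 != me {found=1} END {exit !found}'
then
print "\nAnother copy is running!\n"
exit 1
fi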


Bill Hassell, sysadmin
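
Added example, not part of the post above or of any HP-UX tool: a ps check leaves a gap between looking and acting, so here the scripts serialize on a lock file of their own, created with the same exclusive-create semantics (O_CREAT|O_EXCL) that the tusc trace shows on /etc/ptmp. The lock path, the function names and the user name are assumptions; /etc/ptmp itself is left to the system utilities, and the code assumes the scripts run as root.

```shell
#!/bin/sh
# Added example, not from the thread. LOCKFILE is a hypothetical path for the
# scripts' own lock; /etc/ptmp stays reserved for passwd/useradd/usermod/userdel.
# Assumes the scripts run as root, so kill -0 can probe any PID.
LOCKFILE=${LOCKFILE:-/var/run/acct-script.lock}

# acquire_lock [tries]
#   0 = lock held by this process
#   1 = another live process holds it (after retrying once per second)
#   2 = stale lock: recorded holder is gone; left for an admin to inspect
acquire_lock() {
    tries=${1:-5}
    while :; do
        # noclobber (set -C) makes ">" open with O_CREAT|O_EXCL, the same flags
        # seen on /etc/ptmp in the tusc trace: test and create are one step.
        if ( set -C; echo "$$" > "$LOCKFILE" ) 2>/dev/null; then
            return 0
        fi
        holder=$(cat "$LOCKFILE" 2>/dev/null) || holder=""
        if [ -n "$holder" ] && ! kill -0 "$holder" 2>/dev/null; then
            return 2
        fi
        tries=$((tries - 1))
        [ "$tries" -gt 0 ] || return 1
        sleep 1
    done
}

# release_lock: remove the lock only if this process created it.
release_lock() {
    if [ "$(cat "$LOCKFILE" 2>/dev/null)" = "$$" ]; then
        rm -f "$LOCKFILE"
    fi
}

# run_locked cmd [args...]: run one account command while holding the lock.
run_locked() {
    acquire_lock || return $?
    trap 'release_lock; exit 1' HUP INT TERM
    rc=0
    "$@" || rc=$?
    trap - HUP INT TERM
    release_lock
    return "$rc"
}

# Usage in a script (hypothetical user name):
#   run_locked usermod -s /usr/bin/ksh jdoe || echo "not run, rc=$?" >&2
```

A stale lock is reported (status 2) rather than removed automatically, because deleting it from a script would reintroduce a race between two waiters.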
Steven E. Protter
Exalted Contributor

Re: Are there lock files for passwd/useradd/usermod/userdel ?

vipw is a special version of vi that locks access to the edited file.

It's designed to work on files such as /etc/passwd and such.

It works quite nicely, however, on any file you don't want edited by another user while you are working on it.

SEP
Steven E Protter
Owner of ISN Corporation
Bill Hassell
Honored Contributor

Re: Are there lock files for passwd/useradd/usermod/userdel ?

And to second Steven's vipw recommendation, vipw also uses /etc/ptmp. However, I would discourage root users from using vipw except for minor edits such as the GECOS (information) field. Users can change their own shell without root's help. In fact, it appears that all these tools use /etc/ptmp:

passwd useradd usermod userdel chfn chsh vipw


Bill Hassell, sysadmin
jmb
Regular Advisor

Re: Are there lock files for passwd/useradd/usermod/userdel ?

I have not had time to test this, but are you saying that if /etc/ptmp exists, none of those utilities will work?
A. Clay Stephenson
Acclaimed Contributor

Re: Are there lock files for passwd/useradd/usermod/userdel ?

Yes, all of those commands including passwd respect/honor the /etc/ptmp convention. As long as ONLY those utilities, with the possible inclusion of vipw, are used to modify the passwd files/databases then the operations properly block. However, it must be stressed that any rogue cowboy/process with root permissions can completely ignore the existence of a lockfile. It is therefore imperative that all users with super-user privileges restrict themselves to whatever conventions you adopt.
If it ain't broke, I can fix that.