
Comments in /etc/passwd file

 


Hi all, quick question!

Does anyone know of the possibility of being able to put comment lines into the password and shadow files?
E.g.
progress:x:503:500::/home/progress:/bin/ksh
mholds:x:504:500::/home/mholds:/bin/ksh
# All users from here created after 18092007

Regards

Matt
Steven E. Protter
Exalted Contributor

Re: Comments in /etc/passwd file

Shalom,

Shadow file? No way, you could compromise security.

Field 5 of /etc/passwd which we normally store the user name in? Put whatever you want, knock yourself out.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

Re: Comments in /etc/passwd file

Thank you for the quick response but with regards to the passwd file comment - it is not a comment about the user I am after, I know there is a comment field for them.

My question was, can you add a general comment line into the passwd file as the example in my original message states.

Regards

Matt
Heiner E. Lennackers
Respected Contributor

Re: Comments in /etc/passwd file

Comments in /etc/passwd, /etc/shadow, /etc/group, etc. are not supported and it should never be done. It is creating security holes and making password handling slower.

HeL
if this makes any sense to you, you have a BIG problem
A. Clay Stephenson
Acclaimed Contributor

Re: Comments in /etc/passwd file

Refer to the man 4 passwd page. Absolutely nothing is said about lines beginning with '#' being a comment --- as compared, for example, to the man 4 hosts page. Whenever blank lines or comment lines are tolerated, the man page makes mention of the fact. I have seen a few flavors of UNIX that did treat lines in /etc/passwd that began with '#' as lines to be ignored, but that is non-standard.

One technique you could use would be to insert a dummy user with an invalid password hash and use the gecos field of this user as a comment, but why insert a dummy user and have to explain the justification for it?

It makes much more sense to maintain a parallel database that keeps up with when a user was created and when the account was disabled/deleted. That proves to be much more useful in an audit.
If it ain't broke, I can fix that.
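
The post above notes that the passwd man page documents no comment syntax. As an added example (not part of the thread and not an HP-UX tool), here is a read-only check that reports blank, '#'-prefixed and malformed lines in a passwd-format file without echoing the password field. The function names `check_passwd` and `write_sample` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag lines in a passwd-format file that are not
# seven-field account entries. Only the line number and login name are
# printed for malformed entries, so a hash in field 2 never reaches a log.

# check_passwd FILE -> prints one finding per bad line; returns 0 if clean, 1 if not.
check_passwd() {
    awk -F: '
        /^[ \t]*$/  { printf "%d: blank line\n", NR; bad++; next }
        /^[ \t]*#/  { printf "%d: comment line: %s\n", NR, $0; bad++; next }
        NF != 7     { printf "%d: %d fields, expected 7 (login %s)\n", NR, NF, $1
                      bad++; next }
        $1 == ""    { printf "%d: empty login name\n", NR; bad++; next }
        $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ {
                      printf "%d: non-numeric UID/GID (login %s)\n", NR, $1
                      bad++; next }
        seen[$1]++  { printf "%d: duplicate login name %s\n", NR, $1; bad++ }
        END         { exit (bad > 0) }
    ' "$1"
}

# Constructed sample: the two entries and the '#' line from the original
# question, followed by a blank line.
write_sample() {
    cat > "$1" <<'EOF'
progress:x:503:500::/home/progress:/bin/ksh
mholds:x:504:500::/home/mholds:/bin/ksh
# All users from here created after 18092007

EOF
}

# Usage: script FILE      check FILE
#        script --demo    check the constructed sample
if [ "${1:-}" = "--demo" ]; then
    tmp=${TMPDIR:-/tmp}/passwd.sample.$$
    write_sample "$tmp"
    check_passwd "$tmp" || echo "nonconforming lines found"
    rm -f "$tmp"
elif [ -n "${1:-}" ]; then
    check_passwd "$1"
fi
```

Run it against a copy of the file rather than during an edit, and treat any finding as a reason to move the note into a separate record, as the post above suggests.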
Ernesto Cappello
Trusted Contributor

Re: Comments in /etc/passwd file

Hi Matt
you can insert, without problem, the standard comment "#".

For example:

# inserted 2007-09-20 by Ernesto
ernesto:ZZwoAzitqcXWw:0001:200:Ernesto Cappello (Ernesto):/home/ernesto:/bin/csh

BR.
Ernesto

Re: Comments in /etc/passwd file

Ernesto,

Thanks for your feedback. There seem to be different views on this subject and, judging from some of the responses, I would be wary about putting anything else into the passwd file if there could be a risk to security.

I have taken the advice of A. Clay Stephenson and added a descriptive comment into one of the users' 'comment' fields. Luckily we do not use the finger command so this comment will never be picked up by normal users.

Thanks to everyone for commenting on this subject.

Regards

Matt