Project

General

Profile

Feature #3243

Add shadow support to getent(1)

Added by Igor Pashev about 7 years ago. Updated over 5 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
-
Start date:
2012-09-30
Due date:
% Done:

80%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage

Description

./getent shadow root
root:$6$d7xVVR/Q$vvhB7GR0v..tCPZ.71QX3YowcTSwTUBkHH7HdXAr9rWwNKUrs4iBc15ZXeNfIcP1yEioaeMh5oM0i63hO9pVL.:15504:0:99999:7:::-1

Files

getent-shadow.patch (3.28 KB) getent-shadow.patch Igor Pashev, 2012-09-30 12:00 PM
illumos-3243-getent-shadow.patch (5.09 KB) illumos-3243-getent-shadow.patch manpage patched Igor Pashev, 2012-10-03 08:44 PM

Related issues

Has duplicate illumos gate - Feature #4076: getent should support shadow lookupsClosed2013-08-23

Actions

History

#1

Updated by Milan Jurik about 7 years ago

Why?

#2

Updated by Igor Pashev about 7 years ago

Milan Jurik wrote:

Why?

Use case:

Administrator removes sudo. Before removing, package manager checks whether root has password (login enabled).

#3

Updated by Milan Jurik about 7 years ago

  • Status changed from New to Feedback

So package manager checks line in /etc/shadow, grep should be enough for this one.

#4

Updated by Igor Pashev about 7 years ago

glibc's getent supports shadow, I'm not sure if root account may be in LDAP, or somewhere else.

I don't care much, I'm just sharing my work.

#5

Updated by Milan Jurik about 7 years ago

The point is that from "somewhere else" you will not receive what you are expecting.

I am only afraid that it will be misleading because getent works with databases and shadow is not database and use case is limited to something which grep for root account can do.

Anyway, we are not doing everything "architecturally" great but mainly useful and if you see it useful, please add manpage diff and I can review it for you.

#8

Updated by Gary Mills about 7 years ago

`shadow.byname' can certainly be an NIS database. /etc/shadow is indeed a files database.

#10

Updated by Gary Mills almost 6 years ago

  • % Done changed from 0 to 80

A couple of people wanted to see use cases for the modified version of getent. It's a system administration tool, used like many others. It's a bad idea to place artificial limits on system administration. Of course, if you have nsswitch.conf configured to use only local files for passwd and shadow, getent is not necessary for either one.

It's a different story if you have nsswitch.conf configured for multiple sources of information for these two databases. The behavior then is fully described in the getspman man page.

#11

Updated by Gary Mills over 5 years ago

  • Assignee set to Gary Mills

Igor gave me permission to complete this change.

#12

Updated by Electric Monk over 5 years ago

git commit 00277c9e43668ff248a12ee635ce125957750373

Author: Gary Mills <gary_mills@fastmail.fm>

3243 Add shadow support to getent(1)
Reviewed by: Igor Kozhukhov <ikozhukhov@gmail.com>
Reviewed by: Albert Lee <trisk@nexenta.com>
Approved by: Dan McDonald <danmcd@omniti.com>

#13

Updated by Dan McDonald over 5 years ago

  • Status changed from Feedback to Resolved

See above....

Also available in: Atom PDF