Project

General

Profile

Actions
Copy link

Feature #3243

closed

Add shadow support to getent(1)

Added by Igor Pashev over 10 years ago. Updated about 9 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Gary Mills
Category:
-
Start date:
2012-09-30
Due date:
% Done:

80%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Gerrit CR:
External Bug:

Description

./getent shadow root
root:$6$d7xVVR/Q$vvhB7GR0v..tCPZ.71QX3YowcTSwTUBkHH7HdXAr9rWwNKUrs4iBc15ZXeNfIcP1yEioaeMh5oM0i63hO9pVL.:15504:0:99999:7:::-1

Files

Download all files
getent-shadow.patch (3.28 KB) getent-shadow.patch Igor Pashev, 2012-09-30 12:00 PM
illumos-3243-getent-shadow.patch (5.09 KB) illumos-3243-getent-shadow.patch manpage patched Igor Pashev, 2012-10-03 08:44 PM

Related issues

Has duplicate illumos gate - Feature #4076: getent should support shadow lookupsClosedRich Lowe2013-08-23

Actions
Actions
Copy link
 #1

Updated by Milan Jurik over 10 years ago

Why?

Actions
Copy link
 #2

Updated by Igor Pashev over 10 years ago

Milan Jurik wrote:

Why?

Use case:

Administrator removes sudo. Before removing, package manager checks whether root has password (login enabled).

Actions
Copy link
 #3

Updated by Milan Jurik over 10 years ago

  • Status changed from New to Feedback

So package manager checks line in /etc/shadow, grep should be enough for this one.

Actions
Copy link
 #4

Updated by Igor Pashev over 10 years ago

glibc's getent supports shadow, I'm not sure if root account may be in LDAP, or somewhere else.

I don't care much, I'm just sharing my work.

Actions
Copy link
 #5

Updated by Milan Jurik over 10 years ago

The point is that from "somewhere else" you will not receive what you are expecting.

I am only afraid that it will be misleading because getent works with databases and shadow is not database and use case is limited to something which grep for root account can do.

Anyway, we are not doing everything "architecturally" great but mainly useful and if you see it useful, please add manpage diff and I can review it for you.

Actions
Copy link
 #8

Updated by Gary Mills over 10 years ago

`shadow.byname' can certainly be an NIS database. /etc/shadow is indeed a files database.

Actions
Copy link
 #10

Updated by Gary Mills over 9 years ago

  • % Done changed from 0 to 80

A couple of people wanted to see use cases for the modified version of getent. It's a system administration tool, used like many others. It's a bad idea to place artificial limits on system administration. Of course, if you have nsswitch.conf configured to use only local files for passwd and shadow, getent is not necessary for either one.

It's a different story if you have nsswitch.conf configured for multiple sources of information for these two databases. The behavior then is fully described in the getspman man page.

Actions
Copy link
 #11

Updated by Gary Mills about 9 years ago

  • Assignee set to Gary Mills

Igor gave me permission to complete this change.

Actions
Copy link
 #12

Updated by Electric Monk about 9 years ago

git commit 00277c9e43668ff248a12ee635ce125957750373

Author: Gary Mills <gary_mills@fastmail.fm>

3243 Add shadow support to getent(1)
Reviewed by: Igor Kozhukhov <ikozhukhov@gmail.com>
Reviewed by: Albert Lee <trisk@nexenta.com>
Approved by: Dan McDonald <danmcd@omniti.com>

Actions
Copy link
 #13

Updated by Dan McDonald about 9 years ago

  • Status changed from Feedback to Resolved

See above....

Actions
Copy link

Also available in: Atom PDF