Subject: pwd_mkdb hook script?
To: None <>
From: Emmanuel Dreyfus <>
List: tech-userlevel
Date: 08/16/2001 22:02:17
I need to keep the password database of PostgreSQL in sync with the
system database. I don't want to give PostgreSQL access to
/etc/master.passwd, hence the solution for me is to generate a pg_shadow
file from my /etc/master.password, copying only the revelant accounts.

This could be done as a batch job each night, but it wouldn't be very
convenient. It's far more convenient to rebuild my file each time
master.passwd is touched.

master.passwd can be touched by vipw or passwd. In each case, the
pwd_mkdb command is called at the end (maybe through the pw_mkdb()
libutil call). So I added execution of a hook script to do all the
additionnal processing I need after the password file is changed. 

Here is the patch, is it interesting for NetBSD?

Additionnaly, about pwd_mkdb being in /usr/sbin: do we really want to
need a mounted /usr in order to modify the password databse?

RCS file: /cvsroot/basesrc/include/pwd.h,v
retrieving revision 1.22
diff -U4 -r1.22 pwd.h
--- pwd.h       2000/09/18 16:27:24     1.22
+++ pwd.h       2001/08/16 19:55:34
@@ -53,8 +53,10 @@
 #define        _PATH_PASSWDCONF        "/etc/passwd.conf"
 #define        _PATH_MASTERPASSWD      "/etc/master.passwd"
 #define        _PATH_MASTERPASSWD_LOCK "/etc/ptmp"
+#define        _PATH_RC_PWD_MKDB       "/etc/rc.pwd_mkdb"
 #define        _PATH_MP_DB             "/etc/pwd.db"
 #define        _PATH_SMP_DB            "/etc/spwd.db"
 #define        _PATH_PWD_MKDB          "/usr/sbin/pwd_mkdb"
RCS file: /cvsroot/basesrc/usr.sbin/pwd_mkdb/pwd_mkdb.c,v
retrieving revision
diff -U4 -r1.17.4.4 pwd_mkdb.c
--- pwd_mkdb.c  2001/02/03 20:52:31
+++ pwd_mkdb.c  2001/08/16 14:52:18
@@ -103,8 +103,9 @@
        FILE *fp, *oldfp;
        sigset_t set;
        int ch, makeold, tfd, hasyp, flags, lineno;
        struct passwd pwd;
+       char *args[2];
        hasyp = 0;
        oldfp = NULL;
        prefix[0] = '\0';
@@ -273,8 +274,16 @@
         * The rename means that everything is unlocked, as the original
         * file can no longer be accessed.
        install(pname, _PATH_MASTERPASSWD);
+       /*
+        * Run pwd_mkdb hooks in /etc/rc.pwd_mkdb, if available
+        */
+       args[0] = "rc.pwd_mkdb";
+       args[1] = NULL;
+       execve(_PATH_RC_PWD_MKDB, args, NULL);
        /* NOTREACHED */
RCS file: /cvsroot/basesrc/usr.sbin/pwd_mkdb/pwd_mkdb.8,v
retrieving revision
diff -U4 -r1.11.4.1 pwd_mkdb.8
--- pwd_mkdb.8  2000/08/07 14:25:00
+++ pwd_mkdb.8  2001/08/16 14:52:18
@@ -82,9 +82,16 @@
 The databases are used by the C library password routines (see
 .Xr getpwent 3 ) .
+has successfully copied the database, it attempts to run a script from
+.Pa /etc/rc.pwd_mkdb .
+This script is there to help adding site specific setup after the 
+passwrd databases has been modified.
 exits zero on success, non-zero on failure.
 .Bl -tag -width Pa -compact
 .It Pa /etc/master.passwd
@@ -94,8 +101,10 @@
 .It Pa /etc/pwd.db
 The insecure password database file.
 .It Pa /etc/pwd.db.tmp
 A temporary file.
+.It Pa /etc/rc.pwd_mkdb
+Script to execute after updating the password database.
 .It Pa /etc/spwd.db
 The secure password database file.
 .It Pa /etc/spwd.db.tmp
 A temporary file.

Emmanuel Dreyfus
UNIX *is* user friendly. It is just a bit selective about his friends