Source-Changes-HG archive
[src/trunk]: src/etc change security so that there is a configuration value f...
details: https://anonhg.NetBSD.org/src/rev/1cd8ea60e1de
branches: trunk
changeset: 778568:1cd8ea60e1de
user: spz <spz%NetBSD.org@localhost>
date: Thu Apr 05 09:09:27 2012 +0000
description:
change security so that there is a configuration value for the list of
users who will not be considered for duplicate uid check.
Seed it with 'toor' in defaults/security.conf.
diffstat:
etc/defaults/security.conf | 3 ++-
etc/security | 20 ++++++++++++--------
2 files changed, 14 insertions(+), 9 deletions(-)
diffs (54 lines):
diff -r 0c93cd720606 -r 1cd8ea60e1de etc/defaults/security.conf
--- a/etc/defaults/security.conf Thu Apr 05 07:26:36 2012 +0000
+++ b/etc/defaults/security.conf Thu Apr 05 09:09:27 2012 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: security.conf,v 1.23 2010/02/05 16:29:02 jmmv Exp $
+# $NetBSD: security.conf,v 1.24 2012/04/05 09:09:27 spz Exp $
#
# /etc/defaults/security.conf --
# default configuration of /etc/security.conf
@@ -41,6 +41,7 @@
check_passwd_nowarn_shells="/sbin/nologin"
check_passwd_nowarn_users=""
+check_passwd_permit_dups="toor"
check_passwd_permit_star=NO
check_passwd_permit_nonalpha=NO
max_loginlen=16
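Review bot: The new check_passwd_permit_dups="toor" line is added without any comment, and the diffstat lists only etc/defaults/security.conf and etc/security, so nothing in this change documents the setting. Suggest a short comment or manual-page entry saying that the value is a whitespace-separated list of login names skipped by the duplicate uid check (the awk split() in etc/security uses the default separator), and that setting it to "" makes toor be reported again, which is what the comment removed from etc/security used to explain.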
diff -r 0c93cd720606 -r 1cd8ea60e1de etc/security
--- a/etc/security Thu Apr 05 07:26:36 2012 +0000
+++ b/etc/security Thu Apr 05 09:09:27 2012 +0000
@@ -1,6 +1,6 @@
#!/bin/sh -
#
-# $NetBSD: security,v 1.110 2011/03/02 17:00:28 christos Exp $
+# $NetBSD: security,v 1.111 2012/04/05 09:09:27 spz Exp $
# from: @(#)security 8.1 (Berkeley) 6/9/93
#
@@ -287,14 +287,18 @@
column $OUTPUT
fi
-# To not exclude 'toor', a standard duplicate root account, from the duplicate
-# account test, uncomment the line below (without egrep in it)and comment
-# out the line (with egrep in it) below it.
-#
-# < $MPBYUID uniq -d -f 1 | awk '{ print $2 }' > $TMP2
- < $MPBYUID egrep -v '^toor ' | uniq -d -f 1 | awk '{ print $2 }' > $TMP2
+ awk -v "permit_dups_list=$check_passwd_permit_dups" \
+ '
+ BEGIN {
+ split(permit_dups_list, a);
+ for (i in a) permit_dups[a[i]]++;
+ }
+ {
+ if (!permit_dups[$1])
+ print $2;
+ }' < $MPBYUID | uniq -d > $TMP2
if [ -s $TMP2 ] ; then
- printf "\n$MP has duplicate user id's.\n"
+ printf "\n$MP has duplicate user ids.\n"
while read uid; do
grep -w $uid $MPBYUID
done < $TMP2 | column
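Review bot: In the new awk filter, `if (!permit_dups[$1])` exempts an account by login name alone, so a listed name is dropped before `uniq -d` whatever uid it carries; an account named toor that shares a non-zero uid with one other account would go unreported. The removed `egrep -v '^toor '` had the same property, but now that the list is administrator-extensible it is worth stating this next to the setting, or matching on the name and its expected uid together. A smaller point: `($1 in permit_dups)` would test membership without creating an array entry for every login name read from $MPBYUID.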