Jason Edgecombe wrote:

Hi,

I'm using a Perl script to read a file from AFS with a list of users in
passwd format and append those users to /etc/passwd. The problem is that
about once every few months, the system accounts, like root, vanish
from the passwd file, but the backup passwd file, passwd-, where I store
the system accounts, still exists.

I suspect that something else is messing with the passwd file at the
same time that I am, but I don't know what.

I have attached my Perl script for reference. How can I safely update
the /etc/passwd and /etc/shadow files?

What is the best practice? I don't want to set up an LDAP server because
of internal politics and the extra work involved.

I feel your pain; we used to have a horribly intricate
spaghetti-code-bunch of shell scripts to push passwd contents around,
manage the ssh keys and cronjobs needed for this etc. Eventually I grew
tired of it and we now use LDAP. Anyway, since that's not an option for
you (and yeah, LDAP does have issues of its own as well, so the grass is
not that much greener on this side of the fence, unfortunately), a few
things about locking since that seems the most likely candidate:

* Generally, you shouldn't use flock(), instead use fcntl() or lockf()
  (lockf being a wrapper around fcntl, at least on Linux). flock, for one,
  is separate from fcntl locks, and doesn't work over NFS (might work over
  AFS, but I wouldn't bet on it). Well, perhaps the flock you use is
  really fcntl since it seems to be part of the fcntl module, but I don't
  know enough of Perl to tell.

* It seems the /etc/passwd-manipulating utilities (chfn, chsh, adduser,
  vipw, etc.) don't use file locking, but rather old school lock files.
  Something like (from http://lwn.net/Articles/6137/) the following for
  editing /etc/passwd:

  1. /etc/ptmptmp file is opened with O_WRONLY|O_CREAT|O_EXCL, 0644 perms
  2. the file is hard linked to /etc/ptmp, exit on failure
  3. /etc/ptmptmp is removed

  The new /etc/passwd is then created by writing to the fd from step 1,
  and presumably reading from the existing /etc/passwd, your afs_passwd
  file, and whatever. When the new passwd is done, it's not simply copied
  over /etc/passwd (for one thing, copying is not atomic so it's prone to
  racing) but rather

  4. /etc/passwd.OLD is removed
  5. /etc/passwd is hard linked to /etc/passwd.OLD
  6. /etc/ptmp is renamed to /etc/passwd

--
Janne Blomqvist
_______________________________________________
rhelv5-list mailing list
https://www.redhat.com/mailman/listinfo/rhelv5-list
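
The lock-file sequence from steps 1 to 6 in the reply above, as an added Python example (not part of the original thread, and not the code of vipw or the other utilities). The names `update_passwd`, `PasswdLocked` and `etc_dir`, and the refusal to install a file without a root entry, are assumptions made for this example; point `etc_dir` at a scratch directory holding a copy of passwd to try it.

```python
import os

class PasswdLocked(Exception):
    """Another updater currently holds the ptmp lock file."""

def update_passwd(etc_dir, new_entries):
    """Merge passwd-format lines into <etc_dir>/passwd via steps 1-6."""
    def p(name):
        return os.path.join(etc_dir, name)
    # Step 1: O_EXCL makes the create fail if ptmptmp already exists.
    fd = os.open(p("ptmptmp"), os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
    try:
        # Step 2: link() fails atomically if ptmp exists; ptmp is the lock.
        os.link(p("ptmptmp"), p("ptmp"))
    except FileExistsError:
        os.close(fd)
        raise PasswdLocked(p("ptmp"))
    finally:
        os.unlink(p("ptmptmp"))  # Step 3 (also cleans up when the lock is busy)
    out = os.fdopen(fd, "w")     # same inode that is now named ptmp
    try:
        with open(p("passwd")) as cur:
            lines = [ln for ln in cur.read().splitlines() if ln]
        seen = {ln.split(":", 1)[0] for ln in lines}
        for entry in new_entries:
            name = entry.split(":", 1)[0]
            if name not in seen:  # existing (system) accounts always win
                seen.add(name)
                lines.append(entry)
        if "root" not in seen:    # added sanity check, not from the post
            raise ValueError("refusing to install a passwd without root")
        out.write("\n".join(lines) + "\n")
        out.flush()
        os.fsync(out.fileno())    # contents on disk before the swap
        try:
            os.unlink(p("passwd.OLD"))         # Step 4
        except FileNotFoundError:
            pass
        os.link(p("passwd"), p("passwd.OLD"))  # Step 5: current file as backup
        os.rename(p("ptmp"), p("passwd"))      # Step 6: atomic swap, frees lock
    except BaseException:
        if os.path.exists(p("ptmp")):          # failed before step 6: unlock
            os.unlink(p("ptmp"))
        raise
    finally:
        out.close()
    return lines
```

A reader of passwd sees either the old file or the complete new one, because the only operation that changes what the name points to is the rename in step 6.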