Checking the Files

As users are added, updated, and deleted, it's quite easy for the administrative files to get out of sync with each other, especially if any manual file edits have been performed. Therefore, in this last section we'll look at a few of the utilities that can be used to check and maintain the related files (/etc/passwd, /etc/shadow, and /etc/group).

Pwconv

We've already come across pwconv—it was used in our custom script earlier. It is used to create or update the shadow file, which it does by synchronizing it with the password file.

It uses the second field of /etc/passwd (the encrypted password field) to indicate that the password for this user can be found in /etc/shadow. It does this by moving the encrypted password into /etc/shadow and replacing the original password field in /etc/passwd with an “x.”

This means that if a user's password field in /etc/passwd is empty, pwconv will create an entry in the shadow file and insert the required “x” into the password file. Similarly, if the shadow file contains an entry for a user who has no entry in the password file, it will remove the shadow entry. It is intelligent enough to know that if a password exists in /etc/passwd, but there isn't an entry for the user in the /etc/shadow file, it may be an old-style password file that is being used. In this case, it will create the correct entry in the shadow file and move the password there.

Let's look at the following example, which uses the old-style password entry. In other words, the encrypted password is stored in /etc/passwd and the user doesn't have a /etc/shadow entry:

hydrogen# grep testuser /etc/passwd
testuser:ba7btwLghQU86:500:100:Test User:/home/testuser:/bin/ksh
hydrogen#

Running pwconv and looking at the two files again will give the following result:

hydrogen# grep testuser /etc/passwd
testuser:x:500:100:Test User:/home/testuser:/bin/ksh
hydrogen#

hydrogen# grep testuser /etc/shadow
testuser:ba7btwLghQU86:::::::
hydrogen#
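The three cases described above can be previewed without changing either file. The following script is an added example, not part of the original text or of pwconv itself; the function name and the report tags (EMPTY_PW_FIELD, HASH_IN_PASSWD, NO_SHADOW_ENTRY, ORPHAN_SHADOW) are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: read-only report of the passwd/shadow mismatches pwconv resolves.
# usage: shadow_sync_report PASSWD_FILE SHADOW_FILE
shadow_sync_report() {
    awk -F: '
        $1 == "" { next }                          # skip blank lines
        src == "shadow" { shadow[$1] = 1; next }   # remember shadow logins
        {                                          # passwd entries
            seen[$1] = 1
            if ($2 == "")         print "EMPTY_PW_FIELD " $1
            else if ($2 != "x")   print "HASH_IN_PASSWD " $1
            if (!($1 in shadow))  print "NO_SHADOW_ENTRY " $1
        }
        END { for (u in shadow) if (!(u in seen)) print "ORPHAN_SHADOW " u }
    ' src=shadow "$2" src=passwd "$1" | LC_ALL=C sort
}

# Constructed sample files (not taken from a real host).
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:x:0:1:Super-User:/:/sbin/sh
testuser:ba7btwLghQU86:500:100:Test User:/home/testuser:/bin/ksh
newuser::501:100:New User:/home/newuser:/bin/ksh
EOF
    cat > "$d/shadow" <<'EOF'
root:CONSTRUCTEDHASH:6445::::::
newuser::::::::
olduser:*LK*:::::::
EOF
    shadow_sync_report "$d/passwd" "$d/shadow"
    rm -rf "$d"
}

demo
```

Against the live files, run it as root (shadow_sync_report /etc/passwd /etc/shadow), since /etc/shadow is not readable by ordinary users. On Solaris, substitute nawk or /usr/xpg4/bin/awk for awk.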

Pwck and Grpck

Two programs, named pwck and grpck, are supplied to check the contents of /etc/passwd and /etc/group, respectively. They will look for missing passwords, incorrect fields, and so on.

To illustrate this, let's alter the testuser's shell to be something that is nonexistent, say /bin/nosuchshell. The output from pwck will report an error as shown below:

hydrogen# passmgmt -m -s /bin/nosuchshell testuser
hydrogen# pwck
testuser:x:500:100::/export/home/testuser:/bin/nosuchshell
        Optional shell file not found
hydrogen#

Using grpck to check the group file may display something similar to that shown below:

hydrogen# grpck
bin::2:root,bin,daemon
        bin - Duplicate logname entry (gid first occurs in passwd entry)

sys::3:root,bin,sys,adm
        sys - Duplicate logname entry (gid first occurs in passwd entry)
hydrogen#

Passwd

We saw earlier that the passwd command can be used to display a user's details. As a further note, by running it as shown here we can display all the entries in the /etc/passwd file. From there, we can carry out tasks such as searching to locate all locked accounts (LKs) or all accounts without a valid password (NP).

hydrogen# passwd -sa
root  PS
daemon  LK
bin  LK
sys  LK
adm  LK
lp  LK
smtp  LK
uucp  LK
nuucp  LK
listen  LK
nobody  LK
noaccess  LK
nobody4  LK
testuser  LK    12/07/99    0  60  5
hydrogen#
