[Pkg-shadow-devel] Bug#638263: Bug#638263: shadowconfig uses "pwck -p" and "grpck -p" which aren't actually supported

Nicolas François nicolas.francois at centraliens.net
Fri Sep 9 20:48:16 UTC 2011 

Hello,

On Tue, Sep 06, 2011 at 03:36:59PM -0700, tb at becket.net wrote:
> On Thu, Aug 18, 2011 at 10:10 AM, Nicolas François <
> nicolas.francois at centraliens.net> wrote:
> > On Wed, Aug 17, 2011 at 07:37:47PM -0700, tb at becket.net wrote:
> > >
> > > /sbin/shadowconfig from the passwd package uses "pwck -p" and "grpck -p".
> > On
> > > some other systems, the -p flag to these programs says to silently fix
> > > problems found in those files.
> >
> > Can you point me where "pwck -p" is called?
> 
> In /sbin/shadowconfig, in both the shadowon() and shadowoff() functions;
> passwd package version 1:4.1.4.2+svn3283-2+squeeze1.

This uses pwck -q not pwck -p

> > Could you provide a /etc/group - /etc/gshadow configuration where grpck
> > ignores the -p option and prompt for confirmation?
> 
> # echo mumblefoo:x:5000:mumblemumble >> /etc/group
> # grpck -p
> group mumblefoo: no user mumblemumble
> delete member 'mumblemumble'?

Thanks.

I dig a bit regarding the -p option of grpck.
It was introduced to silently fix a bug in groupdel 10 years ago. I think
this Debian specific patch should be removed.
http://bugs.debian.org/103385

(Also, the patch is now buggy because it does not remove the invalid
lines. It just print Yes, and continue without prompting and removing the
line)

Do you have a description of what the -p option does (for grpck or pwck)
on other systems?
(It might have come from AIX)


Then the question is how shadowconfig should behave?
Currently, with pwck -q, the user is prompted in case of an error which
can be fixed easily interactively, but other errors are not displayed
(e.g. invalid home directory or primary group).
The goal is just to be a bit less verbose, especially because 

The -q option with the same behavior already exists for grpck. It does
nothing because for each error detected, there is a proposed solution
(e.g. delete an invalid line, remove an invalid user from the list of
members / admins)


If the intent is to show the errors without giving the opportunity to fix
the errors, the -r option should be used.

During installs, prompts on stdin are not allowed (debconf would have to
be used), so shadowconfig could be use:
pwck -q -r (to avoid too many warnings and to avoid prompting)
grpck -r   (to avoid prompting)

This behavior should not be the default behavior of shadowconfig, so
shadowconfig should also receive a --no-prompt option to activate the -r
option of the checkers.

Do you agree?

Best Regards
-- 
Nekral

More information about the Pkg-shadow-devel mailing list