You are not logged in.

#26 2014-06-13 11:13:50

johannesWinter
Member
Registered: 2014-04-08
Posts: 13

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

Hi,

I noticed my last updated modified /etc/passwd and /etc/group

passwd:

root:x:0:0:root:/root:/usr/bin/zsh
bin:x:1:1:bin:/bin:/bin/false
daemon:x:2:2:daemon:/sbin:/bin/false
mail:x:8:12:mail:/var/spool/mail:/bin/false
ftp:x:14:11:ftp:/srv/ftp:/bin/false
http:x:33:33:http:/srv/http:/bin/false
uuidd:x:68:68:uuidd:/:/sbin/nologin
dbus:x:81:81:dbus:/:/sbin/nologin
nobody:x:99:99:nobody:/:/bin/false
johannes:x:1000:1000::/home/johannes:/usr/bin/zsh
avahi:x:84:84:avahi:/:/bin/false
polkitd:x:102:102:Policy Kit Daemon:/:/bin/false
usbmux:x:140:140:usbmux user:/:/sbin/nologin
rtkit:x:133:133:RealtimeKit:/proc:/sbin/nologin
gdm:x:120:120:Gnome Display Manager:/var/lib/gdm:/sbin/nologin
git:x:999:999:git daemon user:/:/bin/bash
mysql:x:89:89::/var/lib/mysql:/bin/false
colord:x:124:124::/var/lib/colord:/bin/false
ntp:x:87:87:Network Time Protocol:/var/lib/ntp:/bin/false
systemd-journal-gateway:x:191:191::/:/usr/bin/nologin
systemd-timesync:x:192:192::/:/usr/bin/nologin
systemd-network:x:193:193::/:/usr/bin/nologin

passwd.pacnew:

root:x:0:0:root:/root:/bin/zsh
bin:x:1:1:bin:/bin:/usr/bin/nologin
daemon:x:2:2:daemon:/sbin:/usr/bin/nologin
mail:x:8:12:mail:/var/spool/mail:/usr/bin/nologin
ftp:x:14:11:ftp:/srv/ftp:/usr/bin/nologin
http:x:33:33:http:/srv/http:/usr/bin/nologin
uuidd:x:68:68:uuidd:/:/sbin/nologin
dbus:x:81:81:dbus:/:/sbin/nologin
nobody:x:99:99:nobody:/:/usr/bin/nologin
johannes:x:1000:1000::/home/johannes:/usr/bin/zsh
systemd-journal-gateway:x:191:191:systemd-journal-gateway:/:/usr/bin/nologin
systemd-timesync:x:192:192:systemd-timesync:/:/usr/bin/nologin
systemd-network:x:193:193:systemd-network:/:/usr/bin/nologin

group:

root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin
adm:x:4:root,daemon
tty:x:5:
disk:x:6:root
lp:x:7:daemon
mem:x:8:
kmem:x:9:
wheel:x:10:root
ftp:x:11:
mail:x:12:
uucp:x:14:
log:x:19:root
utmp:x:20:
locate:x:21:
rfkill:x:24:
smmsp:x:25:
http:x:33:
games:x:50:
lock:x:54:
uuidd:x:68:
dbus:x:81:
network:x:90:
video:x:91:
audio:x:92:
optical:x:93:
floppy:x:94:
storage:x:95:
scanner:x:96:
power:x:98:
nobody:x:99:
users:x:100:
systemd-journal:x:190:
johannes:x:1000:
avahi:x:84:
polkitd:x:102:
usbmux:x:140:
rtkit:x:133:
gdm:x:120:
git:x:999:
mysql:x:89:
colord:x:124:
ntp:x:87:
systemd-journal-gateway:x:191:
systemd-timesync:x:192:
systemd-network:x:193:

group.pacnew:

root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin
adm:x:4:root,daemon
tty:x:5:
disk:x:6:root
lp:x:7:daemon
mem:x:8:
kmem:x:9:
wheel:x:10:root
ftp:x:11:
mail:x:12:
uucp:x:14:
log:x:19:root
utmp:x:20:
locate:x:21:
rfkill:x:24:
smmsp:x:25:
http:x:33:
games:x:50:
lock:x:54:
uuidd:x:68:
dbus:x:81:
network:x:90:
video:x:91:
audio:x:92:
optical:x:93:
floppy:x:94:
storage:x:95:
scanner:x:96:
power:x:98:
nobody:x:99:
users:x:100:
johannes:x:1000:
systemd-journal:x:190:
systemd-journal-gateway:x:191:
systemd-timesync:x:192:
systemd-network:x:193:

I was puzzled that an update would take my user out of these files. Anyway, I put it back in. Still with all these changes my system didn't boot successfully and I had to revert to the original files. Apparently in passwd false is changed to nologin. Should I use my orignal file and just change every false to nologin there?

Thanks in advance

Offline

#27 2014-06-13 11:20:56

progandy
Member
Registered: 2012-05-17
Posts: 5,212

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

You can simply keep your old passwd and group files. If you want you can change false to nologin, but that is only a cosmetic change.

https://bbs.archlinux.org/viewtopic.php?id=182428

Last edited by progandy (2014-06-13 11:21:33)


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline

#28 2014-06-13 11:48:58

amish
Member
Registered: 2014-05-10
Posts: 471

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

I always make edits to file in such a way that all entries of passwd.pacnew file exist in /etc/passwd and are identical.

i.e. when you do diff /etc/passwd /etc/passwd.pacnew, you only see extra entries (additional users) from /etc/passwd

This time it meant that I also had to change all /bin/false to /usr/bin/nologin

Same for group.pacnew

Offline

#29 2014-06-13 15:05:57

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,917

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

Moving " Changes in /etc/passwd and /etc/group" to System Administration and merging with existing thread.


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#30 2014-06-25 13:15:46

89c51
Member
Registered: 2012-06-05
Posts: 741

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

[captain hijack mode] The last update also had changes to the /etc/shadow file. Some entries on the old file has ! instead of x in the second field. ie avahi:!:15499::::::


is it safe to replace ! with an x? [/captain hijack mode]

Offline

#31 2014-06-27 16:46:18

ackalker
Member
Registered: 2012-11-27
Posts: 201

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

IMO a package marking files for backup as well as modifying them in the install script at the same time is very confusing for users.

Also, it appears that the /etc/group and /etc/gshadow files as shipped are out of sync (the former contains more (systemd-related) groups than the latter), which may explain some of the problems which some are having.
I've submitted a bug report about this: https://bugs.archlinux.org/task/41010

Last edited by ackalker (2014-06-27 17:03:40)

Offline

#32 2014-06-27 20:34:44

mcloaked
Member
From: Yorkshire, UK
Registered: 2012-02-02
Posts: 1,245

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

89c51 wrote:

[captain hijack mode] The last update also had changes to the /etc/shadow file. Some entries on the old file has ! instead of x in the second field. ie avahi:!:15499::::::


is it safe to replace ! with an x? [/captain hijack mode]

http://superuser.com/questions/623881/w … etc-shadow


Mike C

Offline

#33 2014-06-28 10:55:08

89c51
Member
Registered: 2012-06-05
Posts: 741

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

mcloaked wrote:
89c51 wrote:

[captain hijack mode] The last update also had changes to the /etc/shadow file. Some entries on the old file has ! instead of x in the second field. ie avahi:!:15499::::::


is it safe to replace ! with an x? [/captain hijack mode]

http://superuser.com/questions/623881/w … etc-shadow

Thanks for the explanation but what is the correct handling? Leave it to ! or replace it with x as in the pacnew.

And it doesn't explain the x in the /etc/shadow

Last edited by 89c51 (2014-06-28 11:08:46)

Offline

#34 2014-06-28 12:29:57

mcloaked
Member
From: Yorkshire, UK
Registered: 2012-02-02
Posts: 1,245

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

89c51 wrote:
mcloaked wrote:
89c51 wrote:

[captain hijack mode] The last update also had changes to the /etc/shadow file. Some entries on the old file has ! instead of x in the second field. ie avahi:!:15499::::::


is it safe to replace ! with an x? [/captain hijack mode]

http://superuser.com/questions/623881/w … etc-shadow

Thanks for the explanation but what is the correct handling? Leave it to ! or replace it with x as in the pacnew.

And it doesn't explain the x in the /etc/shadow

I found one explanation at http://www.unix.com/solaris/156408-what … -file.html but whether this implies that you need to change anything I don't know - certainly I have not changed my shadow file and the system behaves sensibly as far as I know.  Maybe an expert on login encryption/passwords might chip in.


Mike C

Offline

#35 2014-06-28 13:18:11

89c51
Member
Registered: 2012-06-05
Posts: 741

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

So if x is an impossible value (per your unix.com link) and i means a locked (impossible to login) account they seem equivalent. hmm

Offline

#36 2014-06-28 14:01:58

mcloaked
Member
From: Yorkshire, UK
Registered: 2012-02-02
Posts: 1,245

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

89c51 wrote:

So if x is an impossible value (per your unix.com link) and i means a locked (impossible to login) account they seem equivalent. hmm

It looks that way! However I am no expert on that and just passed on the link from a google search.


Mike C

Offline

#37 2014-06-28 19:21:47

bstaletic
Member
Registered: 2014-02-02
Posts: 658

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

mcloaked wrote:
89c51 wrote:

So if x is an impossible value (per your unix.com link) and i means a locked (impossible to login) account they seem equivalent. hmm

It looks that way! However I am no expert on that and just passed on the link from a google search.

It's not the same. 'i' mean not possible to login, I don't know what x really means, but it doesn't stop you from logging in.
Here's part of my /etc/passwd

git:x:999:999:git daemon user:/:/bin/bash

There's x, but it's shell is bash. Just out of curiosity I tried loggin in as git user. It worked like it would with any regularly created user. Don't know if I should change shell to /bin/false.

Offline

Board footer

Powered by FluxBB