You are not logged in.

#1 2012-12-09 08:38:38

olive
Member
From: Belgium
Registered: 2008-06-22
Posts: 1,490

New /etc/passwd.shadow

I have seen that with an upgrade I have an /etc/shadow.pacnew From what I know it is only a shadow copy of /etc/passwd without the password and can simply be generated by pwconv (similarly /etc/group.shadow can be generated by grpconv). So my question is why archlinux proposes me /etc/shadow.pacnew? What I did is simply fix the new /etc/passwd that were also proposed, rm the /etc/shadow.pacnew and run pwconv. If this is really the good thing to do, /etc/shadow.pacnew shouldn't have been proposed.

Offline

#2 2012-12-09 08:43:45

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: New /etc/passwd.shadow

Well, you have modified these files so .pacnews have to be generated...


Moving to Arch Discussion, as this doesn't seem like an installation or support thread.


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#3 2012-12-09 09:09:17

olive
Member
From: Belgium
Registered: 2008-06-22
Posts: 1,490

Re: New /etc/passwd.shadow

jasonwryan wrote:

Well, you have modified these files so .pacnews have to be generated...

But, we do not modify /etc/shadow directly, this is only an automatically generated file. It plays a role similar to
/usr/lib/locale/locale-archive that contains the generated locale. The latest file is produced by locale-gen that we should run after modifying /etc/locale.gen and is not meant to be edited nor to be included in a package. /etc/passwd.shadow plays exactly the same role, it is automatically generated by pwconv that we must run after having modifying /etc/passwd. Am I wrong here?

Offline

#4 2012-12-09 17:39:28

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: New /etc/passwd.shadow

It is still modified: and is specific to your machine, hence the pacnew. How else do you ship a new filesystem package and not generate one?


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#5 2012-12-09 20:41:43

WonderWoofy
Member
From: Los Gatos, CA
Registered: 2012-05-19
Posts: 8,414

Re: New /etc/passwd.shadow

As a side note, I just discovered that you can pass two i's with query in pacman and see if you have modified config files. Its neato!  (So you can see which files will end uo with a pacnew file)

Offline

#6 2012-12-09 21:12:44

orschiro
Member
Registered: 2009-06-04
Posts: 2,136
Website

Re: New /etc/passwd.shadow

Can you post an example?

Offline

#7 2012-12-09 21:15:00

WonderWoofy
Member
From: Los Gatos, CA
Registered: 2012-05-19
Posts: 8,414

Re: New /etc/passwd.shadow

# pacman -Qii filesystem 

Will show you the config files that have been modified in the situation mentioned in the thread.

Notice that I specified a root issued command here.  Typically this is not necessary, but in the instance if the fielsystem package, many of the config files require root permission to be even read.

Offline

#8 2012-12-09 22:53:10

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 7,131

Re: New /etc/passwd.shadow

That's neat - I didn't know that. However, doesn't it tell you that you may get a pacnew file? Not that you will? That is, you won't get a pacnew file unless there is also an update to the default version of the file, will you?

I didn't know the .shadow files could be generated. I assumed I was meant to update them by hand. If they are meant to be generated, getting pacnew files does seem to be inconsistent with the behaviour of other packages on update. Updates often tell you to run a command post-upgrade (e.g. some cups updates; mkinitcpio gets run automatically on kernel updates; grub will tell you to regenerate the config/reinstall to the drive - or should do, anyway; etc.). But maybe I'm missing some distinction here...?


CLI Paste | How To Ask Questions

Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L

Offline

#9 2012-12-10 02:46:53

ihre
Member
Registered: 2012-12-10
Posts: 13

Re: New /etc/passwd.shadow

Yesterday I had to merge /etc/group.pacnew, /etc/passwd.pacnew, /etc/shadow.pacnew and /etc/gshadow.pacnew with the original files. Pacman may create *.pac* files, and will report during update or removal. https://wiki.archlinux.org/index.php/Pa … save_Files

I used yaourt -C to review the files, and with Vimdiff you can merge the files (yaourt -C opened Vimdiff when I pressed editor). For example, in the old /etc/shadow file there an entry for the root password, it shouldn't be in the /etc/shadow.pacnew file. Copy the needed lines to the .pacnew file. I backed up the original files, renamed the *.pacnew files and rebooted to be sure. Everything was fine, so I deleted the backup & *.pacnew files.

yaourt -C
Merge files with Vimdiff
cp /etc/passwd /etc/passwd.bak
cp /etc/passwd.pacnew /etc/passwd

reboot
check
delete files

Last edited by ihre (2012-12-10 11:00:35)


i5-2500K | Gene-IV | GTX 680 | 8GB 1866mhz | H2O

Offline

#10 2012-12-10 03:07:42

WonderWoofy
Member
From: Los Gatos, CA
Registered: 2012-05-19
Posts: 8,414

Re: New /etc/passwd.shadow

cfr wrote:

That is, you won't get a pacnew file unless there is also an update to the default version of the file, will you?

This is correct, there has to be a change to the default file I believe.

I think that the shadow, group, gshadow, etc have to have a default file to be shipped, so there would need to be an exception built into pacman to exclude files with system tools for configuration.

Edit: @ihre, simply replaceing your passwd file with the new one is not how you should be doing that.

Last edited by WonderWoofy (2012-12-10 03:09:49)

Offline

#11 2012-12-10 08:13:20

olive
Member
From: Belgium
Registered: 2008-06-22
Posts: 1,490

Re: New /etc/passwd.shadow

I think most of you do not understand my point. I do not understand why /etc/shadow has to be shipped in the first place. It would be best to just ship /etc/passwd and to generate /etc/shadow automatically by pwconv. There are a lot of such files that can be automatically generated and such files are in general not included in the package.

Offline

#12 2012-12-12 00:28:01

jrussell
Member
From: Cape Town, South Africa
Registered: 2012-08-16
Posts: 510

Re: New /etc/passwd.shadow

olive wrote:

I think most of you do not understand my point. I do not understand why /etc/shadow has to be shipped in the first place. It would be best to just ship /etc/passwd and to generate /etc/shadow automatically by pwconv. There are a lot of such files that can be automatically generated and such files are in general not included in the package.

I ran pwconv and now I have two entries for dbus in /etc/shadow:

I manually megerd the shadow.pacnew and had en entry for dbus

dbus:x:14871::::::

after running pwconv I have two entries for dbus:

dbus:x:14871::::::

and

dbus:x:15686:0:99999:7:::

I assume there arnt ment to be two?

*EDIT
Seems either works? I dont get any problems either way (I dont think)
But, I think that:

dbus:x:15686:0:99999:7:::

was the original entry for dbus before the pacnew anyway?

Last edited by jrussell (2012-12-12 00:33:27)


bitcoin: 1G62YGRFkMDwhGr5T5YGovfsxLx44eZo7U

Offline

#13 2012-12-12 08:01:59

olive
Member
From: Belgium
Registered: 2008-06-22
Posts: 1,490

Re: New /etc/passwd.shadow

In case of problem with /etc/shadow, I think the best is to simply delete (backup ) it and to run pwconv (provided /etc/passwd is correct).

Last edited by olive (2012-12-12 08:02:18)

Offline

#14 2012-12-12 10:40:09

jrussell
Member
From: Cape Town, South Africa
Registered: 2012-08-16
Posts: 510

Re: New /etc/passwd.shadow

olive wrote:

In case of problem with /etc/shadow, I think the best is to simply delete (backup ) it and to run pwconv (provided /etc/passwd is correct).

I tried that, using pwconv, every entry looks like this:

(NAME):x:15686:0:99999:7:::

bitcoin: 1G62YGRFkMDwhGr5T5YGovfsxLx44eZo7U

Offline

#15 2012-12-13 07:44:39

Nisstyre56
Member
From: Canada
Registered: 2010-03-25
Posts: 85

Re: New /etc/passwd.shadow

This is probably a good reason to use pacmatic. I've been using it on my laptop for months as an alias for "pacman" and it has been a large improvement imo, as it will nag you to clean up pacnew files, as well as dump any relevant ML info about packages you're installing.


In Zen they say: If something is boring after two minutes, try it for four. If still boring, try it for eight, sixteen, thirty-two, and so on. Eventually one discovers that it's not boring at all but very interesting.
~ John Cage

Offline

#16 2012-12-13 09:33:19

jrussell
Member
From: Cape Town, South Africa
Registered: 2012-08-16
Posts: 510

Re: New /etc/passwd.shadow

olive wrote:

In case of problem with /etc/shadow, I think the best is to simply delete (backup ) it and to run pwconv (provided /etc/passwd is correct).

pwconv doesn't appear to work at all, had to use a install disc to revert to my original shadow file


bitcoin: 1G62YGRFkMDwhGr5T5YGovfsxLx44eZo7U

Offline

#17 2012-12-14 06:49:25

olive
Member
From: Belgium
Registered: 2008-06-22
Posts: 1,490

Re: New /etc/passwd.shadow

I have been a little too fast in my explanations, sorry. The /etc/shadow contains the password (encrypted), all other fields are just irrelevant or mirrors of /etc/passwd. So you need a /etc/shadow field with the passwords in the first place. If the computer is not used by many people, we can indeed run pwconv and then reset all the password (with passwd).

Offline

#18 2012-12-15 20:25:28

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 7,131

Re: New /etc/passwd.shadow

That doesn't sound like a great strategy. Possible but rather messy. Isn't easier to just edit the file and change the single line than redo all the passwords with passwd?


CLI Paste | How To Ask Questions

Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L

Offline

#19 2012-12-15 20:30:58

olive
Member
From: Belgium
Registered: 2008-06-22
Posts: 1,490

Re: New /etc/passwd.shadow

cfr wrote:

That doesn't sound like a great strategy. Possible but rather messy. Isn't easier to just edit the file and change the single line than redo all the passwords with passwd?

normally, pwconv can just recreate the new /etc/shadow from /etc/passwd using the old /etc/shadow for the passwords. The normal way is thus just to fix /etc/passwd, and run pwconv. If something does wrong, I think it all depends on the number of users you have. But we must be sure that the files are properly synchronised.

Last edited by olive (2012-12-15 20:31:15)

Offline

Board footer

Powered by FluxBB