You are not logged in.

#1 2014-06-05 09:31:26

olive
Member
From: Belgium
Registered: 2008-06-22
Posts: 1,490

Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

Today (5 June 2014) , while an upgrade, I have a /etc/group.pacnew as well as /etc/passwd.pacnew. These files cause confusion. Unlike most other configuration files, these files are not usually edited directly and some packages update them. In my case /etc/group appears to be the same as /etc/group with the following extra lines:

oxxxxx:x:1000:oxxxxx
avahi:x:84:
polkitd:x:102:
git:x:999:
ntp:x:87:
colord:x:124:
spamd:x:182:

The first line is my name, no problem; my understanding is that the other lines were added by the corresponding packages and that I must leave them as is. But maybe some of these lines are deprecated and must be removed? How can I know?

For /etc/passwd, it appears that the login of systemd-journal-gateway has been changed from /bin/nologin to /bin/false and I think I must make this change and leave the other lines as is. But once again I cannot be sure some of the other extra lines in /etc/passwd should not be removed.

Also am I correct that I must run grpconv and pwdconv after the change to update the corresponding shadow files?

I thing the handling of these two files should be clarified somewhere in the documentation. Other configuration files are usually edited by hand and it's obvious how to merge the new ones, but these two files are different.

Last edited by olive (2014-06-05 09:34:46)

Offline

#2 2014-06-05 10:38:26

ukhippo
Member
From: Non-paged pool
Registered: 2014-02-21
Posts: 366

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

I don't know about “correct”, but all I did was overwrite the changed systemd-* entries with those from the .pacnew and then ran pwck and grpck as a sanity check.

Last edited by ukhippo (2014-06-05 10:38:57)

Offline

#3 2014-06-05 12:11:57

clfarron4
Member
From: London, UK
Registered: 2013-06-28
Posts: 2,163
Website

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

I haven't done the updating of the files, but I'd probably look at both, merge the new changes and do a sanity check as ukhippo suggests.


Claire is fine.
Problems? I have dysgraphia, so clear and concise please.
My public GPG key for package signing
My x86_64 package repository

Offline

#4 2014-06-06 15:23:32

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 999

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

clfarron4 wrote:

I haven't done the updating of the files, but I'd probably look at both, merge the new changes and do a sanity check as ukhippo suggests.

And I'd probably _think_ before proposing stupid things... And then take a long look at /var/lib/pacman/local/filesystem-2014.06-1/install.

To answer the original question: you don't have to do anything.


Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd

Offline

#5 2014-06-06 15:39:07

bstaletic
Member
Registered: 2014-02-02
Posts: 658

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

Leonid.I wrote:

And I'd probably _think_ before proposing stupid things... And then take a long look at /var/lib/pacman/local/filesystem-2014.06-1/install.

To answer the original question: you don't have to do anything.

You're wrong. Take a look at the wiki page concerning dealing with these files. Then check if there is a group like "git" or "ntp" in your earlier /etc/group. Then check if there's anything about that group in /var/lib/pacman/local/filesystem-2014.06-1/install.

Wiki says to do just what ukhippo suggested, and there's nothing about any of the groups I mentioned in the file.

Offline

#6 2014-06-06 16:23:12

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 999

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

bstaletic wrote:
Leonid.I wrote:

And I'd probably _think_ before proposing stupid things... And then take a long look at /var/lib/pacman/local/filesystem-2014.06-1/install.

To answer the original question: you don't have to do anything.

You're wrong. Take a look at the wiki page concerning dealing with these files. Then check if there is a group like "git" or "ntp" in your earlier /etc/group. Then check if there's anything about that group in /var/lib/pacman/local/filesystem-2014.06-1/install.

I sense lots of confusion here, so let me explain in detail.

The .install script in the filesystem package is provided specifically to ensure that already running systems will keep running with new packages which require new user/groups, like systemd-timesyncd, by adding users/groups via post_upgrade() as well as checking that "standard" users/groups exist. For example

post_upgrade() {
	_addgroup optical -g 93
	_addgroup audio   -g 92
	_addgroup video   -g 91
...
	_addgroup systemd-network -g 193
	_adduser systemd-network -u 193 -g 193 -d / -s /usr/bin/nologin
...

Yes, you may have git and ntp which were added by corresponding packages and "vanilla" passwd/group doesn't have these.

Hence, there is no need to merge {group,passwd}.pacnew files manually, just rm them. They are _not_ like other config files. In fact, they probably shouldn't even be in the backup array of filesystem (just like resolv.conf).

bstaletic wrote:

Wiki says to do just what ukhippo suggested, and there's nothing about any of the groups I mentioned in the file.

Yes, and wiki is the Ultimate Truth of course, right?


Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd

Offline

#7 2014-06-06 16:39:36

progandy
Member
Registered: 2012-05-17
Posts: 5,268

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

Leonid.I wrote:

Hence, there is no need to merge {group,passwd}.pacnew files manually, just rm them. They are _not_ like other config files. In fact, they probably shouldn't even be in the backup array of filesystem (just like resolv.conf).

I believe {group,passwd} are part of the backup array in order to get the pacsave files in case you accidentally? unistall your filesystem package. It would be a hassle to get all user and group ids back in working order if these files were lost.
resolv.conf is not that mission-critical. A simple entry of e.g. 8.8.8.8 will work until you get the ips of your own nameservers back.

Last edited by progandy (2014-06-06 16:41:20)


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline

#8 2014-06-06 17:09:55

WonderWoofy
Member
From: Los Gatos, CA
Registered: 2012-05-19
Posts: 8,414

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

progandy wrote:

I believe {group,passwd} are part of the backup array in order to get the pacsave files in case you accidentally? unistall your filesystem package

I would think that the primary reason that they end up in the backup array is so that they won't be overwritten.  It would be a bad thing to have all your users and groups reset upon every filesystem update.

Offline

#9 2014-06-06 19:16:38

alphaniner
Member
From: Ancapistan
Registered: 2010-07-12
Posts: 2,810

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

Maybe this is a bug, but the /etc/passwd file in the filesystem package doesn't jive with the modifications made by the .install script. Eg. /etc/passwd from filesystem-2014.05-2:

http:x:33:33:http:/srv/http:/bin/false
uuidd:x:68:68:uuidd:/:/sbin/nologin
dbus:x:81:81:dbus:/:/sbin/nologin
systemd-journal-gateway:x:191:191:systemd-journal-gateway:/:/bin/false
systemd-timesync:x:192:192:systemd-timesync:/:/bin/false

The .install script sets the shell to /usr/bin/nologin for all of these. So if you merge the .pacnew file, you're actually undoing some of what was updated. At least that's what's been happening to me since I always merged these files.

Thanks to Leonid.I for 'splaining things, otherwise I wouldn't have realized this.

Edit: so much for that theory. If the .install script is supposed to update the existing passwd file, it ain't working. After updating my home machine, http, uuid and dbus were still /bin/false, /sbin/nologin, and /sbin/nologin respectively.

Last edited by alphaniner (2014-06-07 01:15:51)


But whether the Constitution really be one thing, or another, this much is certain - that it has either authorized such a government as we have had, or has been powerless to prevent it. In either case, it is unfit to exist.
-Lysander Spooner

Offline

#10 2014-06-07 19:57:37

sl1pkn07
Member
From: Spanishtán
Registered: 2010-03-30
Posts: 371

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

new filesystem (2014.06-1) package change the "/bin/false" to "/usr/bin/nologin"

but other packages like avahi, tor, postfix, etc still use "/bin/false" (or "/sbin/nologin")

need change to "/usr/bin/nologin"? or need wait the package update

greetings

Last edited by sl1pkn07 (2014-06-08 23:04:50)

Offline

#11 2014-06-07 20:04:29

Scimmia
Fellow
Registered: 2012-09-01
Posts: 12,132

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

Doesn't matter, they're functionally the same.

Offline

#12 2014-06-07 20:15:09

karol
Archivist
Registered: 2009-05-06
Posts: 25,440

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

Offline

#13 2014-06-08 19:52:14

89c51
Member
Registered: 2012-06-05
Posts: 741

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

(same question as sl1pkn07) So we just do nothing and wait the packagers/maintainert take care of it?

Offline

#14 2014-06-08 20:35:35

clfarron4
Member
From: London, UK
Registered: 2013-06-28
Posts: 2,163
Website

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

89c51 wrote:

(same question as sl1pkn07) So we just do nothing and wait the packagers/maintainert take care of it?

It says in the bug report: https://bugs.archlinux.org/task/40690

falconindy wrote:

I'll fix this the next time I do a filesystem release.


Claire is fine.
Problems? I have dysgraphia, so clear and concise please.
My public GPG key for package signing
My x86_64 package repository

Offline

#15 2014-06-08 21:03:33

89c51
Member
Registered: 2012-06-05
Posts: 741

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

Thnanks. While i clicked on it i didn't read the comments. neutral

Offline

#16 2014-06-09 04:11:06

henk
Member
From: Weert, Netherlands
Registered: 2013-01-01
Posts: 334

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

Today's update of /etc/paswd showed the following change for most of the normal existing entries,
present passwd file:

bin:x:1:1:bin:/bin:/bin/false
daemon:x:2:2:daemon:/sbin:/bin/false
mail:x:8:12:mail:/var/spool/mail:/bin/false
ftp:x:14:11:ftp:/srv/ftp:/bin/false
http:x:33:33:http:/srv/http:/bin/false
uuidd:x:68:68:uuidd:/:/sbin/nologin
dbus:x:81:81:dbus:/:/sbin/nologin
nobody:x:99:99:nobody:/:/bin/false

the pacnew file:

bin:x:1:1:bin:/bin:/usr/bin/nologin
daemon:x:2:2:daemon:/sbin:/usr/bin/nologin
mail:x:8:12:mail:/var/spool/mail:/usr/bin/nologin
ftp:x:14:11:ftp:/srv/ftp:/usr/bin/nologin
http:x:33:33:http:/srv/http:/usr/bin/nologin
uuidd:x:68:68:uuidd:/:/sbin/nologin
dbus:x:81:81:dbus:/:/sbin/nologin
nobody:x:99:99:nobody:/:/usr/bin/nologin 

Should I pass this change to /usr/bin/nologin onto entries created during the setup of the system?

<snip>
polkitd:x:102:102:Policy Kit Daemon:/:/bin/false
avahi:x:84:84:avahi:/:/bin/false
mysql:x:89:89::/var/lib/mysql:/bin/false
kdm:x:135:135::/var/lib/kdm:/bin/false
<snip>

Offline

#17 2014-06-09 04:12:51

WonderWoofy
Member
From: Los Gatos, CA
Registered: 2012-05-19
Posts: 8,414

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

I actually don't think it makes a difference.  I didn't change it and my shit hasn't borked yet.

Read through this thread though: https://bbs.archlinux.org/viewtopic.php?id=182428

Offline

#18 2014-06-09 04:33:20

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

Merging...


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#19 2014-06-09 04:55:20

henk
Member
From: Weert, Netherlands
Registered: 2013-01-01
Posts: 334

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

jasonwryan wrote:

Merging...

Just as I was submitting a reply to Wonderwoofy.....there were some surprising moments there.
Anyhow, thank you Wonderwoofy for the reply. Things are clear now.

Offline

#20 2014-06-09 05:06:22

WonderWoofy
Member
From: Los Gatos, CA
Registered: 2012-05-19
Posts: 8,414

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

Oh, sorry.  I also reported the thread to be merged here since it is covering the same topic.

Offline

#21 2014-06-09 11:07:15

ppsalama
Member
From: Spain
Registered: 2012-01-29
Posts: 83

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

Hello
If I compare my group and passwd with the "pacnew" ones I see that I have the same lines (even more) but in different sequence (all lines in pacnew are in my files -although personalized-), so I guess I have to do nothing, is it so?

I have read that never mind "false" or "nobody" (they're functionally the same) but which is better?
Thanks

Last edited by ppsalama (2014-06-09 11:07:35)

Offline

#22 2014-06-09 17:44:44

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 999

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

WonderWoofy wrote:
progandy wrote:

I believe {group,passwd} are part of the backup array in order to get the pacsave files in case you accidentally? unistall your filesystem package

I would think that the primary reason that they end up in the backup array is so that they won't be overwritten.  It would be a bad thing to have all your users and groups reset upon every filesystem update.

Yes, you right -- my bad.

alphaniner wrote:

Edit: so much for that theory. If the .install script is supposed to update the existing passwd file, it ain't working. After updating my home machine, http, uuid and dbus were still /bin/false, /sbin/nologin, and /sbin/nologin respectively.

The .install script only checks the presence of a user, and does nothing if it finds that user. This is the correct behavior because otherwise your modifications would be lost. Having said that, having /sbin/nologin or /bin/false is all the same. There is a cosmetic difference between them -- read man nologin.

Again, if your group/passwd files are functional before the update -- keep them as is (unless you wan to do cosmetic changes). If they are missing a user/group needed for some package that you don't have yet (and .pacnew files ship that user/group), this user/group should be added by that package's post_install(), e.g. systemd-timesyncd...


Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd

Offline

#23 2014-06-11 14:15:10

alphaniner
Member
From: Ancapistan
Registered: 2010-07-12
Posts: 2,810

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

@Leonid.I: Thanks for clearing that up.


But whether the Constitution really be one thing, or another, this much is certain - that it has either authorized such a government as we have had, or has been powerless to prevent it. In either case, it is unfit to exist.
-Lysander Spooner

Offline

#24 2014-06-11 16:58:03

Xyne
Administrator/PM
Registered: 2008-08-03
Posts: 6,965
Website

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

WonderWoofy wrote:

I actually don't think it makes a difference.  I didn't change it and my shit hasn't borked yet.

Read through this thread though: https://bbs.archlinux.org/viewtopic.php?id=182428

I thought that posting a recursive link was just sarcastic humor until I saw that the thread had been merged.


Some of you may find my pacnew merge scripts useful for handling these files: http://xyne.archlinux.ca/projects/pacnew_scripts/


My Arch Linux StuffForum EtiquetteCommunity Ethos - Arch is not for everyone

Offline

#25 2014-06-11 22:00:18

WonderWoofy
Member
From: Los Gatos, CA
Registered: 2012-05-19
Posts: 8,414

Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew

Way to post 5000 times Xyne!

Offline

Board footer

Powered by FluxBB