You are not logged in.
- Topics: Active | Unanswered
#26 2014-06-13 11:13:50
- johannesWinter
- Member
- Registered: 2014-04-08
- Posts: 13
Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew
Hi,
I noticed my last updated modified /etc/passwd and /etc/group
passwd:
root:x:0:0:root:/root:/usr/bin/zsh
bin:x:1:1:bin:/bin:/bin/false
daemon:x:2:2:daemon:/sbin:/bin/false
mail:x:8:12:mail:/var/spool/mail:/bin/false
ftp:x:14:11:ftp:/srv/ftp:/bin/false
http:x:33:33:http:/srv/http:/bin/false
uuidd:x:68:68:uuidd:/:/sbin/nologin
dbus:x:81:81:dbus:/:/sbin/nologin
nobody:x:99:99:nobody:/:/bin/false
johannes:x:1000:1000::/home/johannes:/usr/bin/zsh
avahi:x:84:84:avahi:/:/bin/false
polkitd:x:102:102:Policy Kit Daemon:/:/bin/false
usbmux:x:140:140:usbmux user:/:/sbin/nologin
rtkit:x:133:133:RealtimeKit:/proc:/sbin/nologin
gdm:x:120:120:Gnome Display Manager:/var/lib/gdm:/sbin/nologin
git:x:999:999:git daemon user:/:/bin/bash
mysql:x:89:89::/var/lib/mysql:/bin/false
colord:x:124:124::/var/lib/colord:/bin/false
ntp:x:87:87:Network Time Protocol:/var/lib/ntp:/bin/false
systemd-journal-gateway:x:191:191::/:/usr/bin/nologin
systemd-timesync:x:192:192::/:/usr/bin/nologin
systemd-network:x:193:193::/:/usr/bin/nologinpasswd.pacnew:
root:x:0:0:root:/root:/bin/zsh
bin:x:1:1:bin:/bin:/usr/bin/nologin
daemon:x:2:2:daemon:/sbin:/usr/bin/nologin
mail:x:8:12:mail:/var/spool/mail:/usr/bin/nologin
ftp:x:14:11:ftp:/srv/ftp:/usr/bin/nologin
http:x:33:33:http:/srv/http:/usr/bin/nologin
uuidd:x:68:68:uuidd:/:/sbin/nologin
dbus:x:81:81:dbus:/:/sbin/nologin
nobody:x:99:99:nobody:/:/usr/bin/nologin
johannes:x:1000:1000::/home/johannes:/usr/bin/zsh
systemd-journal-gateway:x:191:191:systemd-journal-gateway:/:/usr/bin/nologin
systemd-timesync:x:192:192:systemd-timesync:/:/usr/bin/nologin
systemd-network:x:193:193:systemd-network:/:/usr/bin/nologingroup:
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin
adm:x:4:root,daemon
tty:x:5:
disk:x:6:root
lp:x:7:daemon
mem:x:8:
kmem:x:9:
wheel:x:10:root
ftp:x:11:
mail:x:12:
uucp:x:14:
log:x:19:root
utmp:x:20:
locate:x:21:
rfkill:x:24:
smmsp:x:25:
http:x:33:
games:x:50:
lock:x:54:
uuidd:x:68:
dbus:x:81:
network:x:90:
video:x:91:
audio:x:92:
optical:x:93:
floppy:x:94:
storage:x:95:
scanner:x:96:
power:x:98:
nobody:x:99:
users:x:100:
systemd-journal:x:190:
johannes:x:1000:
avahi:x:84:
polkitd:x:102:
usbmux:x:140:
rtkit:x:133:
gdm:x:120:
git:x:999:
mysql:x:89:
colord:x:124:
ntp:x:87:
systemd-journal-gateway:x:191:
systemd-timesync:x:192:
systemd-network:x:193:group.pacnew:
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin
adm:x:4:root,daemon
tty:x:5:
disk:x:6:root
lp:x:7:daemon
mem:x:8:
kmem:x:9:
wheel:x:10:root
ftp:x:11:
mail:x:12:
uucp:x:14:
log:x:19:root
utmp:x:20:
locate:x:21:
rfkill:x:24:
smmsp:x:25:
http:x:33:
games:x:50:
lock:x:54:
uuidd:x:68:
dbus:x:81:
network:x:90:
video:x:91:
audio:x:92:
optical:x:93:
floppy:x:94:
storage:x:95:
scanner:x:96:
power:x:98:
nobody:x:99:
users:x:100:
johannes:x:1000:
systemd-journal:x:190:
systemd-journal-gateway:x:191:
systemd-timesync:x:192:
systemd-network:x:193:I was puzzled that an update would take my user out of these files. Anyway, I put it back in. Still with all these changes my system didn't boot successfully and I had to revert to the original files. Apparently in passwd false is changed to nologin. Should I use my orignal file and just change every false to nologin there?
Thanks in advance
Offline
#27 2014-06-13 11:20:56
- progandy
- Member
- Registered: 2012-05-17
- Posts: 5,269
Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew
You can simply keep your old passwd and group files. If you want you can change false to nologin, but that is only a cosmetic change.
https://bbs.archlinux.org/viewtopic.php?id=182428
Last edited by progandy (2014-06-13 11:21:33)
| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |
Offline
#28 2014-06-13 11:48:58
- amish
- Member
- Registered: 2014-05-10
- Posts: 475
Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew
I always make edits to file in such a way that all entries of passwd.pacnew file exist in /etc/passwd and are identical.
i.e. when you do diff /etc/passwd /etc/passwd.pacnew, you only see extra entries (additional users) from /etc/passwd
This time it meant that I also had to change all /bin/false to /usr/bin/nologin
Same for group.pacnew
Offline
#29 2014-06-13 15:05:57
- ewaller
- Administrator
- From: Pasadena, CA
- Registered: 2009-07-13
- Posts: 20,257
Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew
Moving " Changes in /etc/passwd and /etc/group" to System Administration and merging with existing thread.
Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way
Offline
#30 2014-06-25 13:15:46
- 89c51
- Member
- Registered: 2012-06-05
- Posts: 741
Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew
[captain hijack mode] The last update also had changes to the /etc/shadow file. Some entries on the old file has ! instead of x in the second field. ie avahi:!:15499::::::
is it safe to replace ! with an x? [/captain hijack mode]
Offline
#31 2014-06-27 16:46:18
- ackalker
- Member
- Registered: 2012-11-27
- Posts: 201
Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew
IMO a package marking files for backup as well as modifying them in the install script at the same time is very confusing for users.
Also, it appears that the /etc/group and /etc/gshadow files as shipped are out of sync (the former contains more (systemd-related) groups than the latter), which may explain some of the problems which some are having.
I've submitted a bug report about this: https://bugs.archlinux.org/task/41010
Last edited by ackalker (2014-06-27 17:03:40)
Offline
#32 2014-06-27 20:34:44
- mcloaked
- Member
- From: Yorkshire, UK
- Registered: 2012-02-02
- Posts: 1,276
Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew
[captain hijack mode] The last update also had changes to the /etc/shadow file. Some entries on the old file has ! instead of x in the second field. ie avahi:!:15499::::::
is it safe to replace ! with an x? [/captain hijack mode]
Mike C
Offline
#33 2014-06-28 10:55:08
- 89c51
- Member
- Registered: 2012-06-05
- Posts: 741
Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew
89c51 wrote:[captain hijack mode] The last update also had changes to the /etc/shadow file. Some entries on the old file has ! instead of x in the second field. ie avahi:!:15499::::::
is it safe to replace ! with an x? [/captain hijack mode]
Thanks for the explanation but what is the correct handling? Leave it to ! or replace it with x as in the pacnew.
And it doesn't explain the x in the /etc/shadow
Last edited by 89c51 (2014-06-28 11:08:46)
Offline
#34 2014-06-28 12:29:57
- mcloaked
- Member
- From: Yorkshire, UK
- Registered: 2012-02-02
- Posts: 1,276
Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew
mcloaked wrote:89c51 wrote:[captain hijack mode] The last update also had changes to the /etc/shadow file. Some entries on the old file has ! instead of x in the second field. ie avahi:!:15499::::::
is it safe to replace ! with an x? [/captain hijack mode]
Thanks for the explanation but what is the correct handling? Leave it to ! or replace it with x as in the pacnew.
And it doesn't explain the x in the /etc/shadow
I found one explanation at http://www.unix.com/solaris/156408-what … -file.html but whether this implies that you need to change anything I don't know - certainly I have not changed my shadow file and the system behaves sensibly as far as I know. Maybe an expert on login encryption/passwords might chip in.
Mike C
Offline
#35 2014-06-28 13:18:11
- 89c51
- Member
- Registered: 2012-06-05
- Posts: 741
Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew
So if x is an impossible value (per your unix.com link) and i means a locked (impossible to login) account they seem equivalent. 
Offline
#36 2014-06-28 14:01:58
- mcloaked
- Member
- From: Yorkshire, UK
- Registered: 2012-02-02
- Posts: 1,276
Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew
So if x is an impossible value (per your unix.com link) and i means a locked (impossible to login) account they seem equivalent.
It looks that way! However I am no expert on that and just passed on the link from a google search.
Mike C
Offline
#37 2014-06-28 19:21:47
- bstaletic
- Member
- Registered: 2014-02-02
- Posts: 658
Re: Correct handling of /etc/group.pacnew and /etc/passwd.pacnew
89c51 wrote:So if x is an impossible value (per your unix.com link) and i means a locked (impossible to login) account they seem equivalent.
It looks that way! However I am no expert on that and just passed on the link from a google search.
It's not the same. 'i' mean not possible to login, I don't know what x really means, but it doesn't stop you from logging in.
Here's part of my /etc/passwd
git:x:999:999:git daemon user:/:/bin/bashThere's x, but it's shell is bash. Just out of curiosity I tried loggin in as git user. It worked like it would with any regularly created user. Don't know if I should change shell to /bin/false.
Offline