Protecting /etc/passwd and /etc/shadow from simultaneous access

How to protect /etc/passwd and /etc/shadow from simultaneous access? I do not see any locking mechanism in pwd.h. I see that the manual for pwd_mkdb mentions getting a lock, but does it just lock the file for exclusive access?

Is there an agreement to lock these files if I had to write a utility to modify them directly or through the get/set/endpwent family of functions?

+4
1 answer

I think most applications use PAM these days, right? http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/Linux-PAM_ADG.html However, you can look at the source for `pam_unix.so` to see how they do it. I looked at pam_unix_passwd.c and followed this:

    /* update the password database(s) -- race conditions..? */
    retval = unix_update_db(pamh, ctrl, user, pass_old, pass_new);

In here, which has many functions with the prefix `pwdb`. Googling discovered this again, which I think is the source of passwd.

As a result, I think libpwdb used to edit these files. Of course, I see that:

    #include <pwdb/pwdb_public.h>
    #include <pwdb/pwdb_shadow.h>

But `find . -name "*pwdb*" 2>/dev/null` has not yet found anything on my system.

+3

Source: https://habr.com/ru/post/1302440/

