The only change that I'd suggest to the above "trick" is ... that you
deliberately break it down into a series of smaller steps.
For instance,
"first run that grep/cut sequence to create a
file ... containing the
proposed(!) set of changes."[/i] Then, open the sucker up and carefully
eyeball it. Then, perhaps, use
xargs to execute the actual commands.
The customer's reasoning, and your general solution, is quite sound. Although you might, with rootly powers,
compare two lists (one of them being the "shadow" file) ...
n-e-v-e-r attempt to modify such files directly.