LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (https://www.linuxquestions.org/questions/slackware-14/)
-   -   passwd.new, shadow.new, group.new and gshadow.new after upgrade to slackware 12.1 (https://www.linuxquestions.org/questions/slackware-14/passwd-new-shadow-new-group-new-and-gshadow-new-after-upgrade-to-slackware-12-1-a-680695/)

rhermsen 11-02-2008 03:48 PM
passwd.new, shadow.new, group.new and gshadow.new after upgrade to slackware 12.1
 
Today I successfully upgraded from Slackware 12 to 12.1, but I have loads of questions regarding the following .new config files.
[edit 5-Apr-2010: compared a few items between 12.2 new install and a upgraded system 12 > 12.1 > 12.2]

/etc/passwd.new
/etc/shadow.new
/etc/group.new
/etc/gshadow.new

During the last upgrade from Slackware 11 to 12 I skipped them, but this time I want to know what I should change.


/etc/passwd.new
The new passwd file has the following differences:
1) For most (default) users the /bin/false is added as patch to the default shell.
Should I add this directory to the users with an UID below 100 (except root), and can I do that with vipw or can I better use usermod –s /bin/false <user> to change them one by one?
[edit 5-Apr-2010: for the UID's below 1000 I performed "usermod –s /bin/false <user>" for which this was the case with the new installed 12.2]
2) And the following users seems to be removed: dbus, avahi
Should I remove these two users? [userdel dbus (home dir is /) and userdel avahi (home dir is /)]


/etc/shadow.new
3) I discovered that my shadow file is missing an entry for user apache. This user is present in /etc/passwd.
How can I correct this?
4) The new shadow also shows the users dbus and avahi are removed.
Same as 2)
5) Further I see that for a number of users ! is changed to * (user:!: to user:*: )
I could not find the meaning in “man 5 shadow”
! means (cannot be accessed using a password?)
* means …?
Should I change this, and how (vi)?
6) Maximum password age is set to 99999 with password change warning of 7 days for newer users (e.g. dbus, avahi, haldaemon and the added users)
Should I set this for all users?


/etc/group.new
7) The new group file show a x for the password (group:x: ) i.s.o. notting (so specifies the use of /etc/gshadow as the passwd file).
Should I change the group file, and how (vi)? And should I also change the /etc/gshadow file?
8) For group bin the user ,daemon is removed from the secondary group member list (user daemon already has the group daemon as primary group in /etc/passwd)
Should I remove this in my active group file also? [usermod –G bin,adm daemon]
9) For group audio, video, cdrom and plugdev the user root is added
Should I change this in my active group file? [usermod –G audio,video,cdrom,plugdev,.... root]
10) Removed groups dbus, avahi
Should I remove these groups [groupdel dbus, groupdel avahi]
11) For haldaemon the GIU different (old GID = 71, new is GID = 82). GID 82 is not used. (Same is true for the UID in the /etc/passwd file, where the old UID is 71.)



/etc/gshadow
12) The new gshadow is completely empty.
What is the reason of this empty gshadow.new file? Do I need to take some action?
Is a missing entry in the gshadow file the same as no password in /etc/group (e.g. newgrp <group> cannot be used)?


I hope there is someone that answer at least some of them.

shadowsnipes 11-02-2008 09:04 PM
Personally, I did not see any reason to use the new passwd and group files. I just removed the new ones and kept my old ones. I have had no problems with this, and I have not heard of anyone mentioning otherwise. I go over this and many other upgrade related tasks in my Slackware 12.0-12.1 Upgrade HowTo (see my signature).

You might want to add your users to the lp group (see the HowTo).

wadsworth 11-03-2008 08:48 AM
I've been toying with "Slamd64" a little recently
and saw a passage relating to this in their UPGRADE.TXT
Quote:
13. Be sure to move your *.new config files into place and merge any custom
changes you had made to the originals. To find them, run:
find /etc -name "*.new"
You will need to leave passwd, shadow, group, and gshadow alone for the
most part (do not copy the *.new versions over the existing ones), but
you will need to add any new user/group accounts in passwd.new and
group.new to the existing files...
Seems like this advice should apply to Slackware as well.

rhermsen 11-05-2008 03:18 PM
Shadowsnipes, Wadsworth,

Thanks for your feedback.
Shadowsnipes,
I saw in your howto something about bootsplash, but this is not the bootsplash from www.bootsplash.org, but just a graphical screen during lilo correct?
I will try to get some time this weekend to read your HowTo.


Wadsworth,
In Slackware you have "slocate" which, if your database is up to date will very quickly provide a list of search results.
Updating the database can be performed with the command "updatedb".
So "slocate .new" will give a list of results, about the same as find /etc -name "*.new".



I hope someone can still answer a few of my questions.
I tried to login as apache, but that wasn't possible, so I'm not that concerned anymore.

MS3FGX 11-05-2008 04:18 PM
You should use diff/sdiff to compare the new and old files to see if there are any differences beyond the users and groups you have added. It could be that new groups have been added and some users have been added to different groups.

For example, there were recently changes to the stock users and groups to accommodate the automatic mounting of devices through HAL. If you just deleted the .new file and didn't notice the new groups added, you would probably be scratching your head for some time trying to figure out what went wrong with the upgrade.

That being said, you definitely don't want to overwrite your files with the .new files in this case. Doing so would prevent you from being able to login when you started your machine back up; and in the case of a server with many users and groups you could be looking at a serious problem (of course you should have backups...but that is another topic entirely).

shadowsnipes 11-05-2008 09:37 PM
Quote:
Originally Posted by rhermsen (Post 3332741)
Shadowsnipes, Wadsworth,

Thanks for your feedback.
Shadowsnipes,
I saw in your howto something about bootsplash, but this is not the bootsplash from www.bootsplash.org, but just a graphical screen during lilo correct?
I will try to get some time this weekend to read your HowTo.
Correct. It is just the LILO boot screen splash. It is a simple yet stylish black and white Slackware logo.

MS3FGX,
I don't think there were any real changes in the passwd and group files between 12.0 and 12.1 (at least none that I saw). From 11.0 would likely be a different story though...

I agree that a diff should always be done just to be sure, but something significant like that would most likely be in the CHANGES_AND_HINTS.TXT as well.

rhermsen 11-08-2008 04:59 PM
MS3FGX,

Thanks for pointing out sdiff. I indeed used diff to find the differences of the .new files as you can see in my first post.
with sdiff on the old and new /etc/passwd if discovered there where two other users in the .new file "nobody" and “pop”.
So another question (13), should I add these?

shadowsnipes,
As mentioned in my start post I also didn't tough these 4 files after upgrading from 11.0 to 12.0 (but also then the C&H file didn't mention anything else than now if I'm not mistaken).

I did read your HowTo and it was indeed helpful.
Especially the info about slackpkg.
I always make my packages with my initials in the build, but the output of non-slack packages reminded my of some cleanup I needed to perform on old splashy packages.


All times are GMT -5. The time now is 10:52 PM.