tech-userlevel archive

Re: duplicate uid warning in daily security check
In article <20120404205716.GO7066%serpens.de@localhost>,
S.P.Zeidler <spz%serpens.de@localhost> wrote:
>Hi,
>
>I have a few intentional duplicate UIDs, and the daily warning is
>annoying me. Proposed fix: make a configurable list of user ids that
>aren't considered for the purpose of duplicate uid detection, and adjust
>/etc/security to fit.
>
>This gives us a new entry in defaults listing "toor":
>
>RCS file: /cvsroot/src/etc/defaults/security.conf,v
>retrieving revision 1.23
>diff -u -u -r1.23 security.conf
>--- defaults/security.conf      5 Feb 2010 16:29:02 -0000       1.23
>+++ defaults/security.conf      4 Apr 2012 20:46:16 -0000
>@@ -41,6 +41,7 @@
> 
> check_passwd_nowarn_shells="/sbin/nologin"
> check_passwd_nowarn_users=""
>+check_passwd_permit_dups="toor"
> check_passwd_permit_star=NO
> check_passwd_permit_nonalpha=NO
> max_loginlen=16
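Review bot: the new `check_passwd_permit_dups` default carries no documentation in this patch, and neither its name nor the covering text ("a configurable list of user ids") says whether the value holds login names or numeric uids; the default `"toor"` shows it is login names. Suggest a comment beside `check_passwd_permit_dups="toor"` and a matching entry in security.conf(5) stating that it is a whitespace-separated list of login names set aside before the duplicate-uid check, with the reason for the `toor` default carried over from the comment that the /etc/security hunk removes.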
>
>and:
>
>RCS file: /cvsroot/src/etc/security,v
>retrieving revision 1.110
>diff -u -u -r1.110 security
>--- security    2 Mar 2011 17:00:28 -0000       1.110
>+++ security    4 Apr 2012 20:46:16 -0000
>@@ -287,14 +287,18 @@
>                column $OUTPUT
>        fi
> 
>-# To not exclude 'toor', a standard duplicate root account, from the duplicate
>-# account test, uncomment the line below (without egrep in it)and comment
>-# out the line (with egrep in it) below it.
>-#
>-#      < $MPBYUID uniq -d -f 1 | awk '{ print $2 }' > $TMP2
>-       < $MPBYUID egrep -v '^toor ' | uniq -d -f 1 | awk '{ print $2 }' > 
>$TMP2
>+       awk -v "permit_dups_list=$check_passwd_permit_dups" \
>+       '
>+       BEGIN {
>+               split(permit_dups_list, a);
>+               for (i in a) permit_dups[a[i]]++;
>+       }
>+       {
>+               if (!permit_dups[$1])
>+                       print $2;
>+       }' < $MPBYUID | uniq -d > $TMP2
>        if [ -s $TMP2 ] ; then
>-               printf "\n$MP has duplicate user id's.\n"
>+               printf "\n$MP has duplicate user ids.\n"
>                while read uid; do
>                        grep -w $uid $MPBYUID
>                done < $TMP2 | column
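Review bot: the filter keys on the login name alone (`if (!permit_dups[$1])`), so a name in `check_passwd_permit_dups` suppresses the warning for whatever uid that account happens to have, not only the uid it is meant to share (uid 0 for `toor`); a permitted account later given a uid that collides with an ordinary user would go unreported. The removed `egrep -v '^toor '` had the same weakness, so this is not a regression, but a `name:uid` pair form, or a second pass that still warns when a permitted name shares a uid other than the expected one, would close it. The removed comment explaining why `toor` is skipped is not replaced either; a one-line note that the list comes from security.conf would help the next reader. Printing `$2` and then `uniq -d` assumes $MPBYUID is sorted by uid, which the previous `uniq -d -f 1` already relied on, so that part is consistent.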
>
>Comments?
>

Go for it.

christos
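As an added example (not code from this thread or from NetBSD's /etc/security), here is the duplicate-uid check with a permit list, run over a constructed "name uid" listing sorted by uid the way $MPBYUID is; the `name:uid` form in `find_dup_uids_strict` is a variant assumed here, not part of the proposed patch:

```shell
#!/bin/sh
# Added example, not NetBSD's /etc/security: duplicate-uid detection with a
# configurable permit list, in the shape of the awk | uniq -d pipeline from
# the proposed patch.

# Constructed sample: login name and uid, sorted numerically by uid,
# as the $MPBYUID listing used by /etc/security would be.
SAMPLE_MPBYUID='root 0
toor 0
daemon 1
operator 2
alice 1000
bob 1000
carol 1001'

# find_dup_uids PERMIT_LIST
# Prints, one per line, each uid shared by two or more accounts after the
# login names in PERMIT_LIST (whitespace separated) have been set aside.
# A permitted name is ignored whatever uid it currently has.
find_dup_uids() {
    printf '%s\n' "$SAMPLE_MPBYUID" |
    awk -v "permit_dups_list=$1" '
        BEGIN {
            split(permit_dups_list, a)
            for (i in a) permit_dups[a[i]]++
        }
        !($1 in permit_dups) { print $2 }
    ' | uniq -d
}

# find_dup_uids_strict PERMIT_LIST
# Stricter variant (an assumption of this example, not in the patch): entries
# are "name:uid" pairs, so a permitted name only hides the collision on the
# uid it is expected to share; any other collision is still reported.
find_dup_uids_strict() {
    printf '%s\n' "$SAMPLE_MPBYUID" |
    awk -v "permit_dups_list=$1" '
        BEGIN {
            n = split(permit_dups_list, a)
            for (i = 1; i <= n; i++) permit_pairs[a[i]]++
        }
        !(($1 ":" $2) in permit_pairs) { print $2 }
    ' | uniq -d
}

# report_dups PERMIT_LIST
# Same output shape as the security script: a headline, then every account
# holding each duplicated uid.
report_dups() {
    dups=$(find_dup_uids "$1")
    if [ -n "$dups" ]; then
        printf 'duplicate user ids (permit list: "%s"):\n' "$1"
        for uid in $dups; do
            printf '%s\n' "$SAMPLE_MPBYUID" | awk -v u="$uid" '$2 == u'
        done
    fi
}

report_dups ""      # reports uid 0 (root, toor) and uid 1000 (alice, bob)
report_dups "toor"  # reports only uid 1000
```

With an empty permit list the sample reports uids 0 and 1000; with `toor` permitted only 1000 remains. The strict form shows the difference the reviewer note points at: `toor:0` gives the same result as `toor`, but `toor:1000` leaves the root/toor collision on uid 0 visible because the pair does not match.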
