[PATCH 1/1] support/scripts/mkusers: allow /etc/shadow to be symlinked

[PATCH 1/1] support/scripts/mkusers: allow /etc/shadow to be symlinked

Jens Maus
This commit fixes a problem where it was not possible to replace
/etc/shadow with a symlink to, e.g., a user partition where the
shadow file is placed. This is required, e.g., for systems where the
rootfs is mounted read-only but users should still be able to be
added. Thus, if within a filesystem overlay setup a user tries
to replace /etc/shadow with a symlink to the real file on a user
partition, a buildroot build stops with an error message because
sed is called on the symlink instead of following the symlink.
This commit fixes this shortcoming.

Signed-off-by: Jens Maus <[hidden email]>
---
 support/scripts/mkusers | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/support/scripts/mkusers b/support/scripts/mkusers
index 2ac76f986..e83aff6e0 100755
--- a/support/scripts/mkusers
+++ b/support/scripts/mkusers
@@ -303,7 +303,7 @@ add_one_user() {
 
     # Remove any previous instance of this user
     for _f in "${PASSWD}" "${SHADOW}"; do
-        sed -r -i -e '/^'"${username}"':.*/d;' "${_f}"
+        sed -r -i --follow-symlinks -e '/^'"${username}"':.*/d;' "${_f}"
     done
 
     _gid="$( get_gid "${group}" )"
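Review bot: on the changed sed line in add_one_user, --follow-symlinks makes the in-place edit land on whatever "${_f}" resolves to when the build runs, and an absolute link target is resolved against the build machine's filesystem, not against the image tree. Since the commit message is about links that point at a user partition, either check that the resolved path still lies inside the target directory before calling sed, or state in the commit message that the link has to be relative.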
--
2.11.0

_______________________________________________
buildroot mailing list
[hidden email]
http://lists.busybox.net/mailman/listinfo/buildroot
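
What the flag changes, as an added demonstration (not part of the thread or of Buildroot's mkusers): the script below runs the patch's delete expression on a relative symlink in a temporary directory, once without and once with --follow-symlinks. The directory layout, the sample shadow lines and the helper names make_tree, describe and run_case are constructed for this example; it assumes GNU sed 4.2 or later.

```shell
#!/bin/sh
# Constructed demo: how GNU sed -i treats a symlinked account file,
# with and without --follow-symlinks. Everything lives in a temp dir.

# make_tree DIR: create DIR/data/shadow and a relative link DIR/etc/shadow
make_tree() {
    mkdir -p "$1/etc" "$1/data"
    printf 'root:*:::::::\nalice:*:::::::\n' >"$1/data/shadow"
    ln -s ../data/shadow "$1/etc/shadow"
}

# describe DIR: is etc/shadow still a link, and is alice still in the real file?
describe() {
    if [ -L "$1/etc/shadow" ]; then _kind=link; else _kind=file; fi
    if grep -q '^alice:' "$1/data/shadow"; then _real=kept; else _real=removed; fi
    printf '%s,%s\n' "${_kind}" "${_real}"
}

# run_case MODE: MODE is "plain" or "follow"; prints the describe() result
run_case() {
    _dir="$(mktemp -d)" || return 1
    make_tree "${_dir}"
    if [ "$1" = follow ]; then
        # Same expression as the patched line, with a constructed user name
        sed -r -i --follow-symlinks -e '/^alice:.*/d;' "${_dir}/etc/shadow"
    else
        # Same expression as the line before the patch
        sed -r -i -e '/^alice:.*/d;' "${_dir}/etc/shadow"
    fi
    describe "${_dir}"
    rm -rf "${_dir}"
}

printf 'plain : %s\n' "$(run_case plain)"
printf 'follow: %s\n' "$(run_case follow)"
```

Without the flag the link is replaced by a regular file and the real file keeps the entry (`file,kept`); with it the link survives and the entry is removed from the real file (`link,removed`).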

Re: [PATCH 1/1] support/scripts/mkusers: allow /etc/shadow to be symlinked

Yann E. MORIN-2
Jens, All,

On 2017-06-08 17:26 +0200, Jens Maus spake thusly:

> This commit fixes a problem where it was not possible to replace
> /etc/shadow with a symlink to, e.g., a user partition where the
> shadow file is placed. This is required, e.g., for systems where the
> rootfs is mounted read-only but users should still be able to be
> added. Thus, if within a filesystem overlay setup a user tries
> to replace /etc/shadow with a symlink to the real file on a user
> partition, a buildroot build stops with an error message because
> sed is called on the symlink instead of following the symlink.
> This commit fixes this shortcoming.
>
> Signed-off-by: Jens Maus <[hidden email]>

Reviewed-by: "Yann E. MORIN" <[hidden email]>

It is to be noted that --follow-symlinks was introduced in sed 4.2,
released 2009-05-11, a bit more than 8 years ago, and this is old enough
that we believe all sane distros have it.

Regards,
Yann E. MORIN.

> ---
>  support/scripts/mkusers | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/support/scripts/mkusers b/support/scripts/mkusers
> index 2ac76f986..e83aff6e0 100755
> --- a/support/scripts/mkusers
> +++ b/support/scripts/mkusers
> @@ -303,7 +303,7 @@ add_one_user() {
>  
>      # Remove any previous instance of this user
>      for _f in "${PASSWD}" "${SHADOW}"; do
> -        sed -r -i -e '/^'"${username}"':.*/d;' "${_f}"
> +        sed -r -i --follow-symlinks -e '/^'"${username}"':.*/d;' "${_f}"
>      done
>  
>      _gid="$( get_gid "${group}" )"
> --
> 2.11.0

--
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

Re: [PATCH 1/1] support/scripts/mkusers: allow /etc/shadow to be symlinked

Yann E. MORIN-2
Jens, All,

On 2017-06-08 17:26 +0200, Jens Maus spake thusly:

> This commit fixes a problem where it was not possible to replace
> /etc/shadow with a symlink to, e.g., a user partition where the
> shadow file is placed. This is required, e.g., for systems where the
> rootfs is mounted read-only but users should still be able to be
> added. Thus, if within a filesystem overlay setup a user tries
> to replace /etc/shadow with a symlink to the real file on a user
> partition, a buildroot build stops with an error message because
> sed is called on the symlink instead of following the symlink.
> This commit fixes this shortcoming.
>
> Signed-off-by: Jens Maus <[hidden email]>
> ---
>  support/scripts/mkusers | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/support/scripts/mkusers b/support/scripts/mkusers
> index 2ac76f986..e83aff6e0 100755
> --- a/support/scripts/mkusers
> +++ b/support/scripts/mkusers
> @@ -303,7 +303,7 @@ add_one_user() {
>  
>      # Remove any previous instance of this user
>      for _f in "${PASSWD}" "${SHADOW}"; do
> -        sed -r -i -e '/^'"${username}"':.*/d;' "${_f}"
> +        sed -r -i --follow-symlinks -e '/^'"${username}"':.*/d;' "${_f}"

By the way, you missed a few occurrences:
  - line 222
  - line 227
  - line 266

Care to fix those as well and respin, please?

Regards,
Yann E. MORIN.

>      done
>  
>      _gid="$( get_gid "${group}" )"
> --
> 2.11.0

--
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

[PATCH v2] support/scripts: allow /etc/shadow to be symlinked

Jens Maus
This commit fixes a problem where it was not possible to replace
/etc/shadow with a symlink to, e.g., a user partition where the
shadow file is placed. This is required, e.g., for systems where the
rootfs is mounted read-only but users should still be able to be
added. Thus, if within a filesystem overlay setup a user tries
to replace /etc/shadow with a symlink to the real file on a user
partition, a buildroot build stops with an error message because
sed is called on the symlink instead of following the symlink.
This commit fixes this shortcoming.

Signed-off-by: Jens Maus <[hidden email]>

---
Changes v1 -> v2:
  - extended follow-symlinks use (requested by Yann)

Signed-off-by: Jens Maus <[hidden email]>
---
 support/scripts/mkusers | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/support/scripts/mkusers b/support/scripts/mkusers
index 2ac76f986..5bbec3e10 100755
--- a/support/scripts/mkusers
+++ b/support/scripts/mkusers
@@ -219,12 +219,12 @@ add_one_group() {
     fi
 
     # Remove any previous instance of this group, and re-add the new one
-    sed -i -e '/^'"${group}"':.*/d;' "${GROUP}"
+    sed -i --follow-symlinks -e '/^'"${group}"':.*/d;' "${GROUP}"
     printf "%s:x:%d:\n" "${group}" "${gid}" >>"${GROUP}"
 
     # Ditto for /etc/gshadow if it exists
     if [ -f "${GSHADOW}" ]; then
-        sed -i -e '/^'"${group}"':.*/d;' "${GSHADOW}"
+        sed -i --follow-symlinks -e '/^'"${group}"':.*/d;' "${GSHADOW}"
         printf "%s:*::\n" "${group}" >>"${GSHADOW}"
     fi
 }
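Review bot: the two sed calls in add_one_group now write through links for "${GROUP}" and "${GSHADOW}", while the subject and commit message still name only /etc/shadow. Say in the message that the group, gshadow and passwd edits follow symlinks as well, so someone auditing which account files the build can modify through a link finds this commit.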
@@ -263,7 +263,8 @@ add_user_to_group() {
 
     for _f in "${GROUP}" "${GSHADOW}"; do
         [ -f "${_f}" ] || continue
-        sed -r -i -e 's/^('"${group}"':.*:)(([^:]+,)?)'"${username}"'(,[^:]+*)?$/\1\2\4/;'  \
+        sed -r -i --follow-symlinks \
+                  -e 's/^('"${group}"':.*:)(([^:]+,)?)'"${username}"'(,[^:]+*)?$/\1\2\4/;'  \
                   -e 's/^('"${group}"':.*)$/\1,'"${username}"'/;'                           \
                   -e 's/,+/,/'                                                              \
                   -e 's/:,/:/'                                                              \
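Review bot: the first -e expression in add_user_to_group, which this hunk moves onto its own line, still contains `(,[^:]+*)?`, where `+` is directly followed by `*`; POSIX leaves adjacent duplication symbols in an ERE undefined, so the match depends on the sed in use. As the line is being rewritten anyway, spell the quantifier as `[^:]+` or `[^:]*`, whichever is meant, and align the backslash on the new `sed -r -i --follow-symlinks \` line with the column used by the lines below it.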
@@ -303,7 +304,7 @@ add_one_user() {
 
     # Remove any previous instance of this user
     for _f in "${PASSWD}" "${SHADOW}"; do
-        sed -r -i -e '/^'"${username}"':.*/d;' "${_f}"
+        sed -r -i --follow-symlinks -e '/^'"${username}"':.*/d;' "${_f}"
     done
 
     _gid="$( get_gid "${group}" )"
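Review bot: the sed address in add_one_user splices "${username}" into an extended regular expression unescaped, so a name containing `.` or another metacharacter also deletes other entries, and with --follow-symlinks that deletion now reaches the real passwd and shadow files behind the link. Validate the name against an allowed character set before this loop, or drop the entry with a fixed-string comparison on the first colon-separated field.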
--
2.11.0


Re: [PATCH v2] support/scripts: allow /etc/shadow to be symlinked

Yann E. MORIN-2
Jens, All,

On 2017-06-12 15:35 +0200, Jens Maus spake thusly:

> This commit fixes a problem where it was not possible to replace
> /etc/shadow with a symlink to, e.g., a user partition where the
> shadow file is placed. This is required, e.g., for systems where the
> rootfs is mounted read-only but users should still be able to be
> added. Thus, if within a filesystem overlay setup a user tries
> to replace /etc/shadow with a symlink to the real file on a user
> partition, a buildroot build stops with an error message because
> sed is called on the symlink instead of following the symlink.
> This commit fixes this shortcoming.
>
> Signed-off-by: Jens Maus <[hidden email]>

Reviewed-by: "Yann E. MORIN" <[hidden email]>

Regards,
Yann E. MORIN.

> ---
> Changes v1 -> v2:
>   - extended follow-symlinks use (requested by Yann)
>
> Signed-off-by: Jens Maus <[hidden email]>
> ---
>  support/scripts/mkusers | 9 +++++----
>  1 file changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/support/scripts/mkusers b/support/scripts/mkusers
> index 2ac76f986..5bbec3e10 100755
> --- a/support/scripts/mkusers
> +++ b/support/scripts/mkusers
> @@ -219,12 +219,12 @@ add_one_group() {
>      fi
>  
>      # Remove any previous instance of this group, and re-add the new one
> -    sed -i -e '/^'"${group}"':.*/d;' "${GROUP}"
> +    sed -i --follow-symlinks -e '/^'"${group}"':.*/d;' "${GROUP}"
>      printf "%s:x:%d:\n" "${group}" "${gid}" >>"${GROUP}"
>  
>      # Ditto for /etc/gshadow if it exists
>      if [ -f "${GSHADOW}" ]; then
> -        sed -i -e '/^'"${group}"':.*/d;' "${GSHADOW}"
> +        sed -i --follow-symlinks -e '/^'"${group}"':.*/d;' "${GSHADOW}"
>          printf "%s:*::\n" "${group}" >>"${GSHADOW}"
>      fi
>  }
> @@ -263,7 +263,8 @@ add_user_to_group() {
>  
>      for _f in "${GROUP}" "${GSHADOW}"; do
>          [ -f "${_f}" ] || continue
> -        sed -r -i -e 's/^('"${group}"':.*:)(([^:]+,)?)'"${username}"'(,[^:]+*)?$/\1\2\4/;'  \
> +        sed -r -i --follow-symlinks \
> +                  -e 's/^('"${group}"':.*:)(([^:]+,)?)'"${username}"'(,[^:]+*)?$/\1\2\4/;'  \
>                    -e 's/^('"${group}"':.*)$/\1,'"${username}"'/;'                           \
>                    -e 's/,+/,/'                                                              \
>                    -e 's/:,/:/'                                                              \
> @@ -303,7 +304,7 @@ add_one_user() {
>  
>      # Remove any previous instance of this user
>      for _f in "${PASSWD}" "${SHADOW}"; do
> -        sed -r -i -e '/^'"${username}"':.*/d;' "${_f}"
> +        sed -r -i --follow-symlinks -e '/^'"${username}"':.*/d;' "${_f}"
>      done
>  
>      _gid="$( get_gid "${group}" )"
> --
> 2.11.0

--
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

Re: [PATCH v2] support/scripts: allow /etc/shadow to be symlinked

Thomas Petazzoni-2
Hello,

On Mon, 12 Jun 2017 15:35:54 +0200, Jens Maus wrote:

> This commit fixes a problem where it was not possible to replace
> /etc/shadow with a symlink to, e.g., a user partition where the
> shadow file is placed. This is required, e.g., for systems where the
> rootfs is mounted read-only but users should still be able to be
> added. Thus, if within a filesystem overlay setup a user tries
> to replace /etc/shadow with a symlink to the real file on a user
> partition, a buildroot build stops with an error message because
> sed is called on the symlink instead of following the symlink.
> This commit fixes this shortcoming.
>
> Signed-off-by: Jens Maus <[hidden email]>
>
> ---
> Changes v1 -> v2:
>   - extended follow-symlinks use (requested by Yann)

Applied to master, thanks.

Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com