Some trouble in Solaris passwd and shadow (NIS)


Post by Vic » Thu, 10 Oct 2002 16:13:11



hello,
I have some trouble with my NIS server.
I made a Perl program to add a group of accounts,
and the program accesses the passwd and shadow files directly.
Unfortunately, I made a mistake in my program,
so the passwd and shadow files were modified into the wrong format;
that is, there were some newly created accounts in them,
and the old accounts were deleted by my program.
But I still didn't "make" it; users on the server could log in,
and I could "finger" the old accounts.
I think there is some temp file somewhere in the system.
Does someone have a solution to the problem?
Thanks very much.
 
 
 

 
 
 


Post by Martin Pau » Thu, 10 Oct 2002 16:26:19



> Unfortunately, I made a mistake in my program,
> so the passwd and shadow files were modified into the wrong format;
> that is, there were some newly created accounts in them,
> and the old accounts were deleted by my program.

It was not a good idea to test your script with the real copies
of passwd/shadow, especially without keeping a backup copy.
But I assume you know that by now :)

> But I still didn't "make" it; users on the server could log in,
> and I could "finger" the old accounts.
> I think there is some temp file somewhere in the system.
> Does someone have a solution to the problem?

Yes, the information is still in NIS' database files, under
/var/yp/<domainname>. The easiest way to get the information
is probably "ypcat passwd" - you should be able to reconstruct
the flat files from that without problems.

hth, mp.
--
                         Martin Paul | Systems Administrator

       University of Vienna, Austria | http://www.par.univie.ac.at/

 
 
 


Post by Michael Tos » Thu, 10 Oct 2002 18:20:03



> hello,
> I have some trouble with my NIS server.
> I made a Perl program to add a group of accounts,
> and the program accesses the passwd and shadow files directly.
> Unfortunately, I made a mistake in my program,
> so the passwd and shadow files were modified into the wrong format;
> that is, there were some newly created accounts in them,
> and the old accounts were deleted by my program.
> But I still didn't "make" it; users on the server could log in,
> and I could "finger" the old accounts.
> I think there is some temp file somewhere in the system.
> Does someone have a solution to the problem?
> Thanks very much.

Very simple: restore the two files from your backup!

A more difficult method is to retain the files from

ypcat passwd

you will need another script to split into the two files,
and you'll lose the "last change" field in "shadow".

--

Michael Tosch / Master IS/IT Support
Ericsson Eurolab Deutschland GmbH
Tel: +49 2407 575 313

 
 
 


Post by Ammi » Thu, 10 Oct 2002 20:54:17


Have you checked if you have any online backups from the files?
Like /etc/opasswd and /etc/oshadow.

If you're lucky, you have.

/Ammi


> hello,
> I have some trouble with my NIS server.
> I made a Perl program to add a group of accounts,
> and the program accesses the passwd and shadow files directly.
> Unfortunately, I made a mistake in my program,
> so the passwd and shadow files were modified into the wrong format;
> that is, there were some newly created accounts in them,
> and the old accounts were deleted by my program.
> But I still didn't "make" it; users on the server could log in,
> and I could "finger" the old accounts.
> I think there is some temp file somewhere in the system.
> Does someone have a solution to the problem?
> Thanks very much.

 
 
 


Post by Rev. Don Koo » Fri, 11 Oct 2002 08:54:12




>>hello,
>>I have some trouble with my NIS server.
>>I made a Perl program to add a group of accounts,
>>and the program accesses the passwd and shadow files directly.
>>Unfortunately, I made a mistake in my program,
>>so the passwd and shadow files were modified into the wrong format;
>>that is, there were some newly created accounts in them,
>>and the old accounts were deleted by my program.
>>But I still didn't "make" it; users on the server could log in,
>>and I could "finger" the old accounts.
>>I think there is some temp file somewhere in the system.
>>Does someone have a solution to the problem?
>>Thanks very much.

> Very simple: restore the two files from your backup!

> A more difficult method is to retain the files from

> ypcat passwd

> you will need another script to split into the two files,
> and you'll lose the "last change" field in "shadow".

        Yeah and the 'script' you need is called "pwconv".  Unfortunately the
people at SUN are idiots and they don't provide an option for it to
process any files except "/etc/passwd" and "/etc/shadow".  What you have
to do first is copy your real "/etc/passwd" and "/etc/shadow" file to a
safe place.  Then do;

# ypcat passwd > /etc/passwd
# pwconv

and copy the resulting "/etc/passwd" and "/etc/shadow" files to wherever
"PWDIR" is set in your "/var/yp/Makefile".  As behind the times as
SOLARIS is, if you didn't modify your "/var/yp/Makefile", your NIS
password database is "/etc/passwd".

                Hope this helps,
                        Don

--
***********************      You a bounty hunter?
* Rev. Don McDonald   *      Man's gotta earn a living.
* Baltimore, MD       *      Dying ain't much of a living, boy.
***********************             "Outlaw Josey Wales"
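
The split that the two posts above describe, done on copies so that "/etc/passwd" is never overwritten; this is an added example, not code from the thread. It assumes each line of the "ypcat passwd" output carries the password hash in field 2; `split_nis_passwd`, its file arguments and the optional last-change value are hypothetical names.

```shell
#!/bin/sh
# Added example: split saved "ypcat passwd" output into passwd- and
# shadow-format files without touching the live /etc files.
# Usage: split_nis_passwd MAP_DUMP PASSWD_OUT SHADOW_OUT [LASTCHG]
#   LASTCHG (days since 1970-01-01) is optional; the map does not carry
#   it, so the shadow field stays empty unless you supply a value.
# Exit status: 0 = every line converted, 1 = some lines skipped,
#              2 = output files could not be created.
split_nis_passwd() (
    map=$1 pw=$2 shd=$3 lastchg=${4:-}
    umask 077                       # hashes must not be world-readable
    : > "$pw" && : > "$shd" || exit 2
    awk -F: -v pw="$pw" -v shd="$shd" -v lc="$lastchg" '
        # A usable entry has exactly 7 fields, a login name and numeric
        # UID/GID; anything else is the kind of damage to catch here.
        NF != 7 || $1 == "" || $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ {
            printf "line %d: malformed, skipped\n", NR > "/dev/stderr"
            bad++; next
        }
        seen[$1]++ {
            printf "line %d: duplicate login %s, skipped\n", NR, $1 > "/dev/stderr"
            bad++; next
        }
        {
            # passwd: same fields, hash replaced by the "x" placeholder
            printf "%s:x:%s:%s:%s:%s:%s\n", $1, $3, $4, $5, $6, $7 >> pw
            # shadow: name:hash:lastchg:min:max:warn:inactive:expire:flag
            printf "%s:%s:%s::::::\n", $1, $2, lc >> shd
        }
        END { exit (bad > 0) }
    ' "$map"
)
```

Review the two output files and any skipped-line messages before copying them into place and rebuilding the maps.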

 
 
 


Post by Rainer Frei » Fri, 11 Oct 2002 18:08:49


"Rev. Don Kool" schrieb:


>         Yeah and the 'script' you need is called "pwconv".  Unfortunately the
> people at SUN are idiots and they don't provide an option for it to
> process any files except "/etc/passwd" and "/etc/shadow".  What you have
> to do first is copy your real "/etc/passwd" and "/etc/shadow" file to a
> safe place.  Then do;

Did I miss something and that's the new standard? IBM is doing the same
b...
with AIX 4.3.x. I have a PMR open for more than half a year and they still
can't solve it (I can change passwords everywhere except on the NIS
master).

And no, I don't really want users having accounts on my NIS master from a
security point of view.

regards
        Rainer Freis

 
 
 


Post by Casper H.S. Di » Fri, 11 Oct 2002 19:00:20



>Yes, the information is still in NIS' database files, under
>/var/yp/<domainname>. The easiest way to get the information
>is probably "ypcat passwd" - you should be able to reconstruct
>the flat files from that without problems.

Or makedbm -u

Casper
--
Expressed in this posting are my opinions.  They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.

 
 
 


Post by bit-buc.. » Fri, 11 Oct 2002 23:15:50



: hello,
: I have some trouble with my NIS server.
: I made a Perl program to add a group of accounts,
: and the program accesses the passwd and shadow files directly.
: Unfortunately, I made a mistake in my program,
: so the passwd and shadow files were modified into the wrong format;
: that is, there were some newly created accounts in them,
: and the old accounts were deleted by my program.

This would be the reason why you should use the tools supplied with
the Operating System for manipulating these files. Your script should
have used 'useradd', 'groupadd' and friends.

: But I still didn't "make" it; users on the server could log in,
: and I could "finger" the old accounts.

It sounds like you modified the local files, but the accounts still
exist correctly in the NIS domain.

: I think there is some temp file somewhere in the system.
: Does someone have a solution to the problem?
: Thanks very much.

fpsm
--
| Fredrich P. Maney              my_last_name AT my_last_name DOT org |
|   Do NOT send me HTML formatted E-mail or copies of netnews posts!  |
|  Address in header is a spamtrap. Use one in signature for replies. |
|       Please review http://www.maney.org/uce/ before emailing.      |

 
 
 

1. changing passwd on NIS server updates /etc/shadow only and not shadow.byname map

Platform: Suse Linux Professional 9.1

Changing a passwd on an NIS client using the passwd command works
fine.  The /etc/shadow and shadow.byname map gets updated on the NIS
server machine.

However, changing a passwd on the NIS server using the passwd command
only updates the /etc/shadow file.  The shadow.byname map does not get
updated.  The only way I can think of to fix this is to set up a cron
job to periodically run
make -C /var/yp

I am using Thorsten Kukuk's pam_unix2.so module, which is supposed to be
"clever" enough to find out whether the account it's dealing with is
local or NIS, but it does not appear to work.

Any idea what's wrong?

2. IBM Internet Connection vs. Linux (kppp)

3. Convert NIS passwd back to standard /etc/passwd & /etc/shadow

4. transparant background in menu?

5. NIS+ users can read shadow from nis+ passwd table

6. disabling r commands..(rsh, rlogin, etc..)

7. HELP: NIS and shadow passwd under Solaris 2.5.x

8. ScsiII hoist adapter that comes with Ricoh mediamaster

9. NIS in linux(no shadow) with solaris (shadow)?

10. solaris 9, NIS, passwd.adjunct break passwd cmd

11. NFS vs NIS -- passwd/shadow????

12. 2.4 + NIS + shadow passwd

13. Central admin. (/etc/passwd/group/shadow) without NIS