
Re: db of /etc/passwd and /etc/group



>> If a system contains a nsswitch.conf file similar to the snippet
>> I've included below then would it be possible for utilities such as
>> adduser, passwd, and vipw to run appropriate makedb commands to keep
>> the database in sync?  Or is there something wrong with desiring this
>> type of functionality?
>
>the only thing i have against this idea is that it takes a long time to
>generate the db files.
>
>if passwd and others did that for every change, then it could take
>several minutes (depending on the size of passwd and shadow files) for
>every one...instead of less than a second.
>
>it would often be better to make several changes (e.g. 5 new users, 3
>changed passwords, 7 deleted users) in a batch and then run make in
>/var/db.

For shadow currently you must have the database rebuilt before you can use the
new password (using "shadow db files" is the same as "shadow db").  The
alternative is currently to not use the DB for the shadow file.  We could
change the code of course, but this would give the situation where if the
user changed their password then both the old and new passwords would work
until the next database update - not good if they changed the password because
someone else discovered it.
If you want to add a number of users in a batch then the desirable option is to
not update the database until the end.  Maybe the thing to do is to not have
adduser touch the DB files (new accounts won't be in the DB at all and the
"files" can be examined next).

Let's look at all the options:
userdel - must run make very soon (immediately?) to deny access.
chfn etc - want to run make some time.
useradd - doesn't really matter when make is run, as long as it happens
eventually.
passwd - if using a DB for shadow file must run make immediately.

I think that what we need is a new version of at(1) that says to run a
particular job before a certain time.  Then if another process sends the same
request with a different time the job gets run once at the earliest specified
time.  Then a chfn could specify to run make in 30 minutes, then userdel
specifies 2 minutes and overrides the 30 min specified by chfn, then passwd
specifies immediately and causes the job to run within a matter of seconds and
removes the userdel entry from the queue.

>root /var/db# wc -l /etc/passwd /etc/shadow
>   4924 /etc/passwd
>   4925 /etc/shadow
>   9849 total
>root /var/db# touch /etc/passwd /etc/shadow
>root /var/db# time make
>passwd... done.
>shadow... done.
>
>real  0m38.922s
>user  0m1.800s
>sys   0m4.760s
>
>that's a long time to wait between commands.

A system such as I describe above would remove the need for such processing on
most commands and for the case of "passwd" it would be run in a separate
process with no delay for the user (maybe passwd should have a 30 second delay
for the case of batch jobs).

--
I am in London and would like to meet any Linux users here.
I plan to work in London for 3 - 6 months...
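
The "run before a certain time" queue proposed in the message above, sketched as an added example that is not part of the original post or of any existing at(1) implementation. The class name, the callback runner and the timestamps are assumptions made for illustration.

```python
from dataclasses import dataclass, field

REBUILD = "make -C /var/db"  # the rebuild the thread discusses ("run make in /var/db")

@dataclass
class DeadlineQueue:
    """Hypothetical coalescing queue: one pending run per job, at the earliest deadline."""
    pending: dict = field(default_factory=dict)  # job -> (deadline, [requesters])

    def request(self, job, now, within, requester):
        """Ask for `job` to run no later than `within` seconds after `now`."""
        deadline = now + within
        current, who = self.pending.get(job, (deadline, []))
        # A later, looser request never postpones an earlier, stricter one.
        self.pending[job] = (min(current, deadline), who + [requester])
        return self.pending[job][0]

    def run_due(self, now, runner):
        """Run each job whose deadline has arrived exactly once; return what ran."""
        ran = []
        for job, (deadline, who) in sorted(self.pending.items()):
            if deadline <= now:
                # Dequeue before running: a change made while the rebuild is in
                # progress must queue a fresh run, not be folded into this one.
                del self.pending[job]
                runner(job, who)
                ran.append(job)
        return ran

def demo():
    """Replay the chfn / userdel / passwd sequence with constructed timestamps."""
    q, runs = DeadlineQueue(), []
    runner = lambda job, who: runs.append((job, tuple(who)))  # stand-in for exec
    q.request(REBUILD, now=0, within=30 * 60, requester="chfn")      # due at 1800
    q.request(REBUILD, now=10, within=2 * 60, requester="userdel")   # due at 130
    q.run_due(60, runner)                                            # nothing due
    q.request(REBUILD, now=70, within=0, requester="passwd")         # due at 70
    q.run_due(70, runner)                                            # single rebuild
    q.run_due(1800, runner)                                          # queue is empty
    return runs

if __name__ == "__main__":
    print(demo())
```

The three requests collapse into one rebuild at the passwd deadline, and the userdel and chfn entries leave the queue with it.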

