change security so that there is a configuration value for the list of

users who will not be considered for duplicate uid check. Seed it with 'toor' in defaults/security.conf.
2012-04-05 09:09:27 +00:00 · 2012-04-05 09:09:27 +00:00 · c6302b7410
commit c6302b7410
parent ab3e9955f7
2 changed files with 14 additions and 9 deletions
--- a/etc/defaults/security.conf
+++ b/etc/defaults/security.conf
@ -1,4 +1,4 @@
-#	$NetBSD: security.conf,v 1.23 2010/02/05 16:29:02 jmmv Exp $
+#	$NetBSD: security.conf,v 1.24 2012/04/05 09:09:27 spz Exp $
 #
 # /etc/defaults/security.conf --
 #	default configuration of /etc/security.conf
@ -41,6 +41,7 @@ check_mtree_follow_symlinks=NO

 check_passwd_nowarn_shells="/sbin/nologin"
 check_passwd_nowarn_users=""
+check_passwd_permit_dups="toor"
 check_passwd_permit_star=NO
 check_passwd_permit_nonalpha=NO
 max_loginlen=16
--- a/etc/security
+++ b/etc/security
@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-#	$NetBSD: security,v 1.110 2011/03/02 17:00:28 christos Exp $
+#	$NetBSD: security,v 1.111 2012/04/05 09:09:27 spz Exp $
 #	from: @(#)security	8.1 (Berkeley) 6/9/93
 #

@ -287,14 +287,18 @@ if checkyesno check_passwd; then
 		column $OUTPUT
 	fi

-# To not exclude 'toor', a standard duplicate root account, from the duplicate
-# account test, uncomment the line below (without egrep in it)and comment
-# out the line (with egrep in it) below it.
-#
-#	< $MPBYUID uniq -d -f 1 | awk '{ print $2 }' > $TMP2
-	< $MPBYUID egrep -v '^toor ' | uniq -d -f 1 | awk '{ print $2 }' > $TMP2
+	awk -v "permit_dups_list=$check_passwd_permit_dups" \
+	'
+	BEGIN {
+		split(permit_dups_list, a);
+		for (i in a) permit_dups[a[i]]++;
+	}
+	{
+		if (!permit_dups[$1])
+			print $2;
+	}' < $MPBYUID | uniq -d > $TMP2
 	if [ -s $TMP2 ] ; then
-		printf "\n$MP has duplicate user id's.\n"
+		printf "\n$MP has duplicate user ids.\n"
 		while read uid; do
 			grep -w $uid $MPBYUID
 		done < $TMP2 | column