of all installed pkgs and their +CONTENTS and +REQUIRED_BY files (if
they have one) and handling this file along with all the other
CHANGELIST stuff.
Greg Woods gets points for coming up with the idea.
Luke Mewburn asked me to do it, and provided lots of criticism along
the way.
1) If a password entry is of the form \*[A-z-]+, do not complain that
the account is off but has a valid password. Thus you can do
passwords like *ssh to indicate ssh only logins.
We should come up with a standard scheme for what various *keywords mean.
Note that if the field length is 13, 20 or 34 you'll still get
bitched at.
This code should be cleaned up. (So should the password scheme.)
2) If the entry is for "toor", don't complain that the account is off
but has a valid shell. We ship with toor:*:, there is no point in
complaining about it.
Part of the campaign against spurious security warning output.
to the basename of the file, use the whole path with $backup_dir
prepended, in effect mirrorring the directory tree. This eliminates
the possibility of a name collision.
Closes pr bin/12727.
directory from /var/backup (useful for those of us who have a separate /var
and would like to have our backup disklabels on the root filesystem).
Default behaviour unchanged. backup_dir being unset is taken as /var/backup.
directories with -maproot=nobody on the server. The argument to be
made is that if NetBSD's root can't read these files, it shouldn't
try to check them.
should detect added or removed disks as well. backup labels go in
/var/backups/disklabel.XXX (XXX = disk name, e.g., sd0), and the
changelist style backups have .current or .backup suffixes
* minor whitespace, formatting, and comment cleanup
* When a file is removed, move its .current file to .backup.
* When a file is added, create its .current file.
* In either case, send a diff against /dev/null.
Mostly from Jim Bernard in PR 4183, with the removal case fixed.
- clean up comments and generated output.
- clean up $SECUREDIR if SIGINT or SIGQUIT received.
- .rhosts may have to be world readable in NFS environments, so allow it to be.
- update list of disks to check for reasonable permissions
- don't show differences in /etc/master.passwd, as the encrypted strings may
be sent. From reading comments earlier in the script, this was the intention
anyway. Fix from Jim Bernard <jbernard@tater.mines.edu> in [security/3994].
- when checking /etc/ftpusers, skip comment lines and only match full
usernames.
XXX: this should be enhanced to check lines of the enhanced ftpusers format.