From: ahesford <ahesford@users.noreply.github.com>
To: ml@inbox.vuxu.org
Subject: Re: xbps-triggers:system-accounts: use grep to check for user/group existent
Date: Thu, 10 Sep 2020 02:37:41 +0200 [thread overview]
Message-ID: <20200910003741.xQNIrvBdxhn3RR1swGXQMcoN9CupxyjB7ttHkb_4m2w@z> (raw)
In-Reply-To: <gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-24754@inbox.vuxu.org>
[-- Attachment #1: Type: text/plain, Size: 1573 bytes --]
New comment by ahesford on void-packages repository
https://github.com/void-linux/void-packages/pull/24754#issuecomment-689898960
Comment:
This is probably a fine replacement, depending on how much we care about sanity checks on values on group and user definitions.
As a totally contrived example, suppose somebody puts an invalid value in `$system_groups`, say `wheel:x:123`. This will be split into a group `wheel:x` and a gid `123`. Currently, when `getent group wheel:x` is run, the output will be empty and the return value nonzero because the group does not (and can never) exist. The trigger will try to create the group, but `groupadd` will fail because `wheel:x` is not a valid name, causing the trigger to complain during install.
The `grep` replacement will instead test a match on `wheel:x:` in `etc/group`, which (in this case) should match the existing group definition for `wheel`, meaning the trigger will not report an error. (It will also not report that a group was created, but that's much harder to notice than a failure message.)
In the end, it seems like the system state would be the same either way, because either a valid group is created or already exists; an invalid group fails to match and the trigger tries unsuccessfully to create it; or an invalid group falsely matches and the trigger doesn't try to run a `groupadd` command that would have failed anyway.
If we care about the failure always appearing when a group should be created but isn't, you might have to `cut` the fields of the files or pull `awk` into the picture.
next prev parent reply other threads:[~2020-09-10 0:37 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-08 0:40 [PR PATCH] " sgn
2020-09-08 1:29 ` ericonr
2020-09-08 12:04 ` sgn
2020-09-09 1:07 ` [PR PATCH] [Updated] " sgn
2020-09-09 14:04 ` sgn
2020-09-10 0:37 ` ahesford [this message]
2020-09-10 0:57 ` sgn
2020-09-10 1:03 ` [PR PATCH] [Updated] " sgn
2020-09-10 1:17 ` ahesford
2020-09-10 6:54 ` the-maldridge
2020-09-10 7:04 ` ericonr
2020-09-10 7:09 ` ericonr
2020-09-10 13:06 ` sgn
2020-09-10 13:48 ` ahesford
2020-09-10 13:53 ` sgn
2020-09-10 13:57 ` ericonr
2020-09-10 14:01 ` sgn
2020-09-10 14:01 ` [PR PATCH] [Closed]: " sgn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200910003741.xQNIrvBdxhn3RR1swGXQMcoN9CupxyjB7ttHkb_4m2w@z \
--to=ahesford@users.noreply.github.com \
--cc=ml@inbox.vuxu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).