On Sun, Sep 01, 2002 at 09:58:08AM +0300, Yedidyah Bar-David wrote: > I did grep *some* sources. I didn't think about useradd. > This is indeed the "shadow" package (useradd, vipw, ...). > > Thanks for anyone who replied!
Ok, here's a way to figure out which package uses a file.
1. get syscalltrack
2. upload a rule to log any acess to said file (or any open with
O_RDWR|O_WRONLY, or any write to the file, etc. Something that will
narrow down the options). This rule would look like this (untested):
rule {
syscall_name = open
rule_name = open_etc_passwd
when = before
filter_expression { PARAMS[1] == "/etc/passwd-" }
action {
type = LOG
log_format { "process %pid(%comm) called %sname(%params) on /etc/passwd-"
}
}
}
3. see which binaries access said file
4. figure out which package they belong to (dpkg --search on debian,
rpm -qf on redhat).
5. get the source for the package in question and peruse at will.
> However, even though still off-topic, I am still interested in ideas
> about the second problem, of how to find such things, and I think
> others are too. I do hope to get more answers then "ask your favourite
> ML" (which did work!). "grep the entire sources of the packages you
> have installed" is also not what I expect, although having the option
> is great.
See above. This is not the fastest way to do it, but it will
definitely give you the answer eventually.
As for you original question, of how to use google with special chars,
write their customer support and ask them. I'd be interested in the
answer as well.
msg21474/pgp00000.pgp
Description: PGP signature
