On Mon, Feb 27, 2006 at 12:01:31PM -0600, Dallas L. Engelken wrote:
> Justin, Are you positive? I don't see getpwnam or getpwuid accessing
> /etc/shadow on linux. It hits /etc/passwd for the getpw* calls.
>
> # cat test.pl
> my $uid = getpwnam('root');
> my $name = getpwuid(0);
> print "name=$name uid=$uid\n";
That's because you're not asking for information found in shadow... :)
> # strace perl test.pl 2>&1 | grep passwd
> open("/etc/passwd", O_RDONLY) = 3
> open("/etc/passwd", O_RDONLY) = 3
Here's my version:
# cat t
my @info = getpwnam("root");
my @info2 = getpwuid(0);
# strace perl t
[...]
open("/etc/passwd", O_RDONLY) = 3
[...]
read(3, "...\n"..., 4096) = 2737
close(3) = 0
open("/etc/shadow", O_RDONLY) = 3
[...]
read(3, "..."..., 4096) = 2030
close(3) = 0
open("/etc/passwd", O_RDONLY) = 3
[...]
read(3, "...\n"..., 4096) = 2737
close(3) = 0
open("/etc/shadow", O_RDONLY) = 3
[...]
read(3, "..."..., 4096) = 2030
close(3) = 0
I would assume this is implementation dependent, but it appears that
the linux glibc version of getpwnam(), etc, is smart enough to figure
out that you're only asking for information that comes from passwd,
so that's all it reads. If you're like spamassassin though, and want a
user's home directory, the call asks for all available information, which
will include the password field which may need to come out of shadow.
If I run that script as non-root, I see 2 of these calls:
open("/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied)
which is what you expect, but the function still tries to open up the
file. Since shadow isn't available, the "x" is left in the password
field for non-root users.
:)
--
Randomly Generated Tagline:
"There are two major products to come out of Berkeley: LSD and UNIX. We
don't believe this to be a coincidence." - Unknown
pgpD6YUoqmbnd.pgp
Description: PGP signature
