* [Buildroot] [PATCH 1/1] support/scripts/mkusers: allow /etc/shadow to be symlinked
@ 2017-06-08 15:26 Jens Maus
2017-06-11 13:48 ` Yann E. MORIN
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Jens Maus @ 2017-06-08 15:26 UTC (permalink / raw)
To: buildroot
This commit fixes a problem where it was not possible to replace
/etc/shadow with a symlink to a e.g. a user partition where the
shadow file is placed. This is required, e.g. for systems where the
rootfs is mounted read-only but users should still be able to be
added. Thus, if within an filesystem overlay setup a user tries
to replace /etc/shadow with a symlink to the real file on a user
partition a buildroot build stops with an error message because
sed is called on the symlink instead of following the symlink.
This commit fixes this shortcoming.
Signed-off-by: Jens Maus <mail@jens-maus.de>
---
support/scripts/mkusers | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/support/scripts/mkusers b/support/scripts/mkusers
index 2ac76f986..e83aff6e0 100755
--- a/support/scripts/mkusers
+++ b/support/scripts/mkusers
@@ -303,7 +303,7 @@ add_one_user() {
# Remove any previous instance of this user
for _f in "${PASSWD}" "${SHADOW}"; do
- sed -r -i -e '/^'"${username}"':.*/d;' "${_f}"
+ sed -r -i --follow-symlinks -e '/^'"${username}"':.*/d;' "${_f}"
done
_gid="$( get_gid "${group}" )"
--
2.11.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 1/1] support/scripts/mkusers: allow /etc/shadow to be symlinked
2017-06-08 15:26 [Buildroot] [PATCH 1/1] support/scripts/mkusers: allow /etc/shadow to be symlinked Jens Maus
@ 2017-06-11 13:48 ` Yann E. MORIN
2017-06-11 13:52 ` Yann E. MORIN
2017-06-12 13:35 ` [Buildroot] [PATCH v2] support/scripts: " Jens Maus
2 siblings, 0 replies; 6+ messages in thread
From: Yann E. MORIN @ 2017-06-11 13:48 UTC (permalink / raw)
To: buildroot
Jens, All,
On 2017-06-08 17:26 +0200, Jens Maus spake thusly:
> This commit fixes a problem where it was not possible to replace
> /etc/shadow with a symlink to a e.g. a user partition where the
> shadow file is placed. This is required, e.g. for systems where the
> rootfs is mounted read-only but users should still be able to be
> added. Thus, if within an filesystem overlay setup a user tries
> to replace /etc/shadow with a symlink to the real file on a user
> partition a buildroot build stops with an error message because
> sed is called on the symlink instead of following the symlink.
> This commit fixes this shortcoming.
>
> Signed-off-by: Jens Maus <mail@jens-maus.de>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
It is to be noted that --follow-symlinks was introduced in sed 4.2,
released 2009-05-11, a bit more than 8 years ago, and this is old enough
that we believe all sane distros have it.
Regards,
Yann E. MORIN.
> ---
> support/scripts/mkusers | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/support/scripts/mkusers b/support/scripts/mkusers
> index 2ac76f986..e83aff6e0 100755
> --- a/support/scripts/mkusers
> +++ b/support/scripts/mkusers
> @@ -303,7 +303,7 @@ add_one_user() {
>
> # Remove any previous instance of this user
> for _f in "${PASSWD}" "${SHADOW}"; do
> - sed -r -i -e '/^'"${username}"':.*/d;' "${_f}"
> + sed -r -i --follow-symlinks -e '/^'"${username}"':.*/d;' "${_f}"
> done
>
> _gid="$( get_gid "${group}" )"
> --
> 2.11.0
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 223 225 172 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 1/1] support/scripts/mkusers: allow /etc/shadow to be symlinked
2017-06-08 15:26 [Buildroot] [PATCH 1/1] support/scripts/mkusers: allow /etc/shadow to be symlinked Jens Maus
2017-06-11 13:48 ` Yann E. MORIN
@ 2017-06-11 13:52 ` Yann E. MORIN
2017-06-12 13:35 ` [Buildroot] [PATCH v2] support/scripts: " Jens Maus
2 siblings, 0 replies; 6+ messages in thread
From: Yann E. MORIN @ 2017-06-11 13:52 UTC (permalink / raw)
To: buildroot
Jens, All,
On 2017-06-08 17:26 +0200, Jens Maus spake thusly:
> This commit fixes a problem where it was not possible to replace
> /etc/shadow with a symlink to a e.g. a user partition where the
> shadow file is placed. This is required, e.g. for systems where the
> rootfs is mounted read-only but users should still be able to be
> added. Thus, if within an filesystem overlay setup a user tries
> to replace /etc/shadow with a symlink to the real file on a user
> partition a buildroot build stops with an error message because
> sed is called on the symlink instead of following the symlink.
> This commit fixes this shortcoming.
>
> Signed-off-by: Jens Maus <mail@jens-maus.de>
> ---
> support/scripts/mkusers | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/support/scripts/mkusers b/support/scripts/mkusers
> index 2ac76f986..e83aff6e0 100755
> --- a/support/scripts/mkusers
> +++ b/support/scripts/mkusers
> @@ -303,7 +303,7 @@ add_one_user() {
>
> # Remove any previous instance of this user
> for _f in "${PASSWD}" "${SHADOW}"; do
> - sed -r -i -e '/^'"${username}"':.*/d;' "${_f}"
> + sed -r -i --follow-symlinks -e '/^'"${username}"':.*/d;' "${_f}"
By the way, you missed a few occurences:
- line 222
- line 227
- line 266
Care to fix those as well and respin, please?
Regards,
Yann E. MORIN.
> done
>
> _gid="$( get_gid "${group}" )"
> --
> 2.11.0
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 223 225 172 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH v2] support/scripts: allow /etc/shadow to be symlinked
2017-06-08 15:26 [Buildroot] [PATCH 1/1] support/scripts/mkusers: allow /etc/shadow to be symlinked Jens Maus
2017-06-11 13:48 ` Yann E. MORIN
2017-06-11 13:52 ` Yann E. MORIN
@ 2017-06-12 13:35 ` Jens Maus
2017-06-17 19:27 ` Yann E. MORIN
2017-06-24 15:50 ` Thomas Petazzoni
2 siblings, 2 replies; 6+ messages in thread
From: Jens Maus @ 2017-06-12 13:35 UTC (permalink / raw)
To: buildroot
This commit fixes a problem where it was not possible to replace
/etc/shadow with a symlink to a e.g. a user partition where the
shadow file is placed. This is required, e.g. for systems where the
rootfs is mounted read-only but users should still be able to be
added. Thus, if within an filesystem overlay setup a user tries
to replace /etc/shadow with a symlink to the real file on a user
partition a buildroot build stops with an error message because
sed is called on the symlink instead of following the symlink.
This commit fixes this shortcoming.
Signed-off-by: Jens Maus <mail@jens-maus.de>
---
Changes v1 -> v2:
- extended follow-symlinks use (requested by Yann)
Signed-off-by: Jens Maus <mail@jens-maus.de>
---
support/scripts/mkusers | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/support/scripts/mkusers b/support/scripts/mkusers
index 2ac76f986..5bbec3e10 100755
--- a/support/scripts/mkusers
+++ b/support/scripts/mkusers
@@ -219,12 +219,12 @@ add_one_group() {
fi
# Remove any previous instance of this group, and re-add the new one
- sed -i -e '/^'"${group}"':.*/d;' "${GROUP}"
+ sed -i --follow-symlinks -e '/^'"${group}"':.*/d;' "${GROUP}"
printf "%s:x:%d:\n" "${group}" "${gid}" >>"${GROUP}"
# Ditto for /etc/gshadow if it exists
if [ -f "${GSHADOW}" ]; then
- sed -i -e '/^'"${group}"':.*/d;' "${GSHADOW}"
+ sed -i --follow-symlinks -e '/^'"${group}"':.*/d;' "${GSHADOW}"
printf "%s:*::\n" "${group}" >>"${GSHADOW}"
fi
}
@@ -263,7 +263,8 @@ add_user_to_group() {
for _f in "${GROUP}" "${GSHADOW}"; do
[ -f "${_f}" ] || continue
- sed -r -i -e 's/^('"${group}"':.*:)(([^:]+,)?)'"${username}"'(,[^:]+*)?$/\1\2\4/;' \
+ sed -r -i --follow-symlinks \
+ -e 's/^('"${group}"':.*:)(([^:]+,)?)'"${username}"'(,[^:]+*)?$/\1\2\4/;' \
-e 's/^('"${group}"':.*)$/\1,'"${username}"'/;' \
-e 's/,+/,/' \
-e 's/:,/:/' \
@@ -303,7 +304,7 @@ add_one_user() {
# Remove any previous instance of this user
for _f in "${PASSWD}" "${SHADOW}"; do
- sed -r -i -e '/^'"${username}"':.*/d;' "${_f}"
+ sed -r -i --follow-symlinks -e '/^'"${username}"':.*/d;' "${_f}"
done
_gid="$( get_gid "${group}" )"
--
2.11.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH v2] support/scripts: allow /etc/shadow to be symlinked
2017-06-12 13:35 ` [Buildroot] [PATCH v2] support/scripts: " Jens Maus
@ 2017-06-17 19:27 ` Yann E. MORIN
2017-06-24 15:50 ` Thomas Petazzoni
1 sibling, 0 replies; 6+ messages in thread
From: Yann E. MORIN @ 2017-06-17 19:27 UTC (permalink / raw)
To: buildroot
Jens, All,
On 2017-06-12 15:35 +0200, Jens Maus spake thusly:
> This commit fixes a problem where it was not possible to replace
> /etc/shadow with a symlink to a e.g. a user partition where the
> shadow file is placed. This is required, e.g. for systems where the
> rootfs is mounted read-only but users should still be able to be
> added. Thus, if within an filesystem overlay setup a user tries
> to replace /etc/shadow with a symlink to the real file on a user
> partition a buildroot build stops with an error message because
> sed is called on the symlink instead of following the symlink.
> This commit fixes this shortcoming.
>
> Signed-off-by: Jens Maus <mail@jens-maus.de>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Regards,
Yann E. MORIN.
> ---
> Changes v1 -> v2:
> - extended follow-symlinks use (requested by Yann)
>
> Signed-off-by: Jens Maus <mail@jens-maus.de>
> ---
> support/scripts/mkusers | 9 +++++----
> 1 file changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/support/scripts/mkusers b/support/scripts/mkusers
> index 2ac76f986..5bbec3e10 100755
> --- a/support/scripts/mkusers
> +++ b/support/scripts/mkusers
> @@ -219,12 +219,12 @@ add_one_group() {
> fi
>
> # Remove any previous instance of this group, and re-add the new one
> - sed -i -e '/^'"${group}"':.*/d;' "${GROUP}"
> + sed -i --follow-symlinks -e '/^'"${group}"':.*/d;' "${GROUP}"
> printf "%s:x:%d:\n" "${group}" "${gid}" >>"${GROUP}"
>
> # Ditto for /etc/gshadow if it exists
> if [ -f "${GSHADOW}" ]; then
> - sed -i -e '/^'"${group}"':.*/d;' "${GSHADOW}"
> + sed -i --follow-symlinks -e '/^'"${group}"':.*/d;' "${GSHADOW}"
> printf "%s:*::\n" "${group}" >>"${GSHADOW}"
> fi
> }
> @@ -263,7 +263,8 @@ add_user_to_group() {
>
> for _f in "${GROUP}" "${GSHADOW}"; do
> [ -f "${_f}" ] || continue
> - sed -r -i -e 's/^('"${group}"':.*:)(([^:]+,)?)'"${username}"'(,[^:]+*)?$/\1\2\4/;' \
> + sed -r -i --follow-symlinks \
> + -e 's/^('"${group}"':.*:)(([^:]+,)?)'"${username}"'(,[^:]+*)?$/\1\2\4/;' \
> -e 's/^('"${group}"':.*)$/\1,'"${username}"'/;' \
> -e 's/,+/,/' \
> -e 's/:,/:/' \
> @@ -303,7 +304,7 @@ add_one_user() {
>
> # Remove any previous instance of this user
> for _f in "${PASSWD}" "${SHADOW}"; do
> - sed -r -i -e '/^'"${username}"':.*/d;' "${_f}"
> + sed -r -i --follow-symlinks -e '/^'"${username}"':.*/d;' "${_f}"
> done
>
> _gid="$( get_gid "${group}" )"
> --
> 2.11.0
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 223 225 172 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH v2] support/scripts: allow /etc/shadow to be symlinked
2017-06-12 13:35 ` [Buildroot] [PATCH v2] support/scripts: " Jens Maus
2017-06-17 19:27 ` Yann E. MORIN
@ 2017-06-24 15:50 ` Thomas Petazzoni
1 sibling, 0 replies; 6+ messages in thread
From: Thomas Petazzoni @ 2017-06-24 15:50 UTC (permalink / raw)
To: buildroot
Hello,
On Mon, 12 Jun 2017 15:35:54 +0200, Jens Maus wrote:
> This commit fixes a problem where it was not possible to replace
> /etc/shadow with a symlink to a e.g. a user partition where the
> shadow file is placed. This is required, e.g. for systems where the
> rootfs is mounted read-only but users should still be able to be
> added. Thus, if within an filesystem overlay setup a user tries
> to replace /etc/shadow with a symlink to the real file on a user
> partition a buildroot build stops with an error message because
> sed is called on the symlink instead of following the symlink.
> This commit fixes this shortcoming.
>
> Signed-off-by: Jens Maus <mail@jens-maus.de>
>
> ---
> Changes v1 -> v2:
> - extended follow-symlinks use (requested by Yann)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2017-06-24 15:50 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-06-08 15:26 [Buildroot] [PATCH 1/1] support/scripts/mkusers: allow /etc/shadow to be symlinked Jens Maus
2017-06-11 13:48 ` Yann E. MORIN
2017-06-11 13:52 ` Yann E. MORIN
2017-06-12 13:35 ` [Buildroot] [PATCH v2] support/scripts: " Jens Maus
2017-06-17 19:27 ` Yann E. MORIN
2017-06-24 15:50 ` Thomas Petazzoni
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.