All of lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH 1/1] support/scripts/mkusers: allow /etc/shadow to be symlinked
@ 2017-06-08 15:26 Jens Maus
  2017-06-11 13:48 ` Yann E. MORIN
                   ` (2 more replies)
  0 siblings, 3 replies; 6+ messages in thread
From: Jens Maus @ 2017-06-08 15:26 UTC (permalink / raw)
  To: buildroot

This commit fixes a problem where it was not possible to replace
/etc/shadow with a symlink to a e.g. a user partition where the
shadow file is placed. This is required, e.g. for systems where the
rootfs is mounted read-only but users should still be able to be
added. Thus, if within an filesystem overlay setup a user tries
to replace /etc/shadow with a symlink to the real file on a user
partition a buildroot build stops with an error message because
sed is called on the symlink instead of following the symlink.
This commit fixes this shortcoming.

Signed-off-by: Jens Maus <mail@jens-maus.de>
---
 support/scripts/mkusers | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/support/scripts/mkusers b/support/scripts/mkusers
index 2ac76f986..e83aff6e0 100755
--- a/support/scripts/mkusers
+++ b/support/scripts/mkusers
@@ -303,7 +303,7 @@ add_one_user() {
 
     # Remove any previous instance of this user
     for _f in "${PASSWD}" "${SHADOW}"; do
-        sed -r -i -e '/^'"${username}"':.*/d;' "${_f}"
+        sed -r -i --follow-symlinks -e '/^'"${username}"':.*/d;' "${_f}"
     done
 
     _gid="$( get_gid "${group}" )"
-- 
2.11.0

^ permalink raw reply related	[flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 1/1] support/scripts/mkusers: allow /etc/shadow to be symlinked
  2017-06-08 15:26 [Buildroot] [PATCH 1/1] support/scripts/mkusers: allow /etc/shadow to be symlinked Jens Maus
@ 2017-06-11 13:48 ` Yann E. MORIN
  2017-06-11 13:52 ` Yann E. MORIN
  2017-06-12 13:35 ` [Buildroot] [PATCH v2] support/scripts: " Jens Maus
  2 siblings, 0 replies; 6+ messages in thread
From: Yann E. MORIN @ 2017-06-11 13:48 UTC (permalink / raw)
  To: buildroot

Jens, All,

On 2017-06-08 17:26 +0200, Jens Maus spake thusly:
> This commit fixes a problem where it was not possible to replace
> /etc/shadow with a symlink to a e.g. a user partition where the
> shadow file is placed. This is required, e.g. for systems where the
> rootfs is mounted read-only but users should still be able to be
> added. Thus, if within an filesystem overlay setup a user tries
> to replace /etc/shadow with a symlink to the real file on a user
> partition a buildroot build stops with an error message because
> sed is called on the symlink instead of following the symlink.
> This commit fixes this shortcoming.
> 
> Signed-off-by: Jens Maus <mail@jens-maus.de>

Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>

It is to be noted that --follow-symlinks was introduced in sed 4.2,
released 2009-05-11, a bit more than 8 years ago, and this is old enough
that we believe all sane distros have it.

Regards,
Yann E. MORIN.

> ---
>  support/scripts/mkusers | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/support/scripts/mkusers b/support/scripts/mkusers
> index 2ac76f986..e83aff6e0 100755
> --- a/support/scripts/mkusers
> +++ b/support/scripts/mkusers
> @@ -303,7 +303,7 @@ add_one_user() {
>  
>      # Remove any previous instance of this user
>      for _f in "${PASSWD}" "${SHADOW}"; do
> -        sed -r -i -e '/^'"${username}"':.*/d;' "${_f}"
> +        sed -r -i --follow-symlinks -e '/^'"${username}"':.*/d;' "${_f}"
>      done
>  
>      _gid="$( get_gid "${group}" )"
> -- 
> 2.11.0
> 
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

^ permalink raw reply	[flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 1/1] support/scripts/mkusers: allow /etc/shadow to be symlinked
  2017-06-08 15:26 [Buildroot] [PATCH 1/1] support/scripts/mkusers: allow /etc/shadow to be symlinked Jens Maus
  2017-06-11 13:48 ` Yann E. MORIN
@ 2017-06-11 13:52 ` Yann E. MORIN
  2017-06-12 13:35 ` [Buildroot] [PATCH v2] support/scripts: " Jens Maus
  2 siblings, 0 replies; 6+ messages in thread
From: Yann E. MORIN @ 2017-06-11 13:52 UTC (permalink / raw)
  To: buildroot

Jens, All,

On 2017-06-08 17:26 +0200, Jens Maus spake thusly:
> This commit fixes a problem where it was not possible to replace
> /etc/shadow with a symlink to a e.g. a user partition where the
> shadow file is placed. This is required, e.g. for systems where the
> rootfs is mounted read-only but users should still be able to be
> added. Thus, if within an filesystem overlay setup a user tries
> to replace /etc/shadow with a symlink to the real file on a user
> partition a buildroot build stops with an error message because
> sed is called on the symlink instead of following the symlink.
> This commit fixes this shortcoming.
> 
> Signed-off-by: Jens Maus <mail@jens-maus.de>
> ---
>  support/scripts/mkusers | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/support/scripts/mkusers b/support/scripts/mkusers
> index 2ac76f986..e83aff6e0 100755
> --- a/support/scripts/mkusers
> +++ b/support/scripts/mkusers
> @@ -303,7 +303,7 @@ add_one_user() {
>  
>      # Remove any previous instance of this user
>      for _f in "${PASSWD}" "${SHADOW}"; do
> -        sed -r -i -e '/^'"${username}"':.*/d;' "${_f}"
> +        sed -r -i --follow-symlinks -e '/^'"${username}"':.*/d;' "${_f}"

By the way, you missed a few occurences:
  - line 222
  - line 227
  - line 266

Care to fix those as well and respin, please?

Regards,
Yann E. MORIN.

>      done
>  
>      _gid="$( get_gid "${group}" )"
> -- 
> 2.11.0
> 
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

^ permalink raw reply	[flat|nested] 6+ messages in thread
* [Buildroot] [PATCH v2] support/scripts: allow /etc/shadow to be symlinked
  2017-06-08 15:26 [Buildroot] [PATCH 1/1] support/scripts/mkusers: allow /etc/shadow to be symlinked Jens Maus
  2017-06-11 13:48 ` Yann E. MORIN
  2017-06-11 13:52 ` Yann E. MORIN
@ 2017-06-12 13:35 ` Jens Maus
  2017-06-17 19:27   ` Yann E. MORIN
  2017-06-24 15:50   ` Thomas Petazzoni
  2 siblings, 2 replies; 6+ messages in thread
From: Jens Maus @ 2017-06-12 13:35 UTC (permalink / raw)
  To: buildroot

This commit fixes a problem where it was not possible to replace
/etc/shadow with a symlink to a e.g. a user partition where the
shadow file is placed. This is required, e.g. for systems where the
rootfs is mounted read-only but users should still be able to be
added. Thus, if within an filesystem overlay setup a user tries
to replace /etc/shadow with a symlink to the real file on a user
partition a buildroot build stops with an error message because
sed is called on the symlink instead of following the symlink.
This commit fixes this shortcoming.

Signed-off-by: Jens Maus <mail@jens-maus.de>

---
Changes v1 -> v2:
  - extended follow-symlinks use (requested by Yann)

Signed-off-by: Jens Maus <mail@jens-maus.de>
---
 support/scripts/mkusers | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/support/scripts/mkusers b/support/scripts/mkusers
index 2ac76f986..5bbec3e10 100755
--- a/support/scripts/mkusers
+++ b/support/scripts/mkusers
@@ -219,12 +219,12 @@ add_one_group() {
     fi
 
     # Remove any previous instance of this group, and re-add the new one
-    sed -i -e '/^'"${group}"':.*/d;' "${GROUP}"
+    sed -i --follow-symlinks -e '/^'"${group}"':.*/d;' "${GROUP}"
     printf "%s:x:%d:\n" "${group}" "${gid}" >>"${GROUP}"
 
     # Ditto for /etc/gshadow if it exists
     if [ -f "${GSHADOW}" ]; then
-        sed -i -e '/^'"${group}"':.*/d;' "${GSHADOW}"
+        sed -i --follow-symlinks -e '/^'"${group}"':.*/d;' "${GSHADOW}"
         printf "%s:*::\n" "${group}" >>"${GSHADOW}"
     fi
 }
@@ -263,7 +263,8 @@ add_user_to_group() {
 
     for _f in "${GROUP}" "${GSHADOW}"; do
         [ -f "${_f}" ] || continue
-        sed -r -i -e 's/^('"${group}"':.*:)(([^:]+,)?)'"${username}"'(,[^:]+*)?$/\1\2\4/;'  \
+        sed -r -i --follow-symlinks \
+                  -e 's/^('"${group}"':.*:)(([^:]+,)?)'"${username}"'(,[^:]+*)?$/\1\2\4/;'  \
                   -e 's/^('"${group}"':.*)$/\1,'"${username}"'/;'                           \
                   -e 's/,+/,/'                                                              \
                   -e 's/:,/:/'                                                              \
@@ -303,7 +304,7 @@ add_one_user() {
 
     # Remove any previous instance of this user
     for _f in "${PASSWD}" "${SHADOW}"; do
-        sed -r -i -e '/^'"${username}"':.*/d;' "${_f}"
+        sed -r -i --follow-symlinks -e '/^'"${username}"':.*/d;' "${_f}"
     done
 
     _gid="$( get_gid "${group}" )"
-- 
2.11.0

^ permalink raw reply related	[flat|nested] 6+ messages in thread
* [Buildroot] [PATCH v2] support/scripts: allow /etc/shadow to be symlinked
  2017-06-12 13:35 ` [Buildroot] [PATCH v2] support/scripts: " Jens Maus
@ 2017-06-17 19:27   ` Yann E. MORIN
  2017-06-24 15:50   ` Thomas Petazzoni
  1 sibling, 0 replies; 6+ messages in thread
From: Yann E. MORIN @ 2017-06-17 19:27 UTC (permalink / raw)
  To: buildroot

Jens, All,

On 2017-06-12 15:35 +0200, Jens Maus spake thusly:
> This commit fixes a problem where it was not possible to replace
> /etc/shadow with a symlink to a e.g. a user partition where the
> shadow file is placed. This is required, e.g. for systems where the
> rootfs is mounted read-only but users should still be able to be
> added. Thus, if within an filesystem overlay setup a user tries
> to replace /etc/shadow with a symlink to the real file on a user
> partition a buildroot build stops with an error message because
> sed is called on the symlink instead of following the symlink.
> This commit fixes this shortcoming.
> 
> Signed-off-by: Jens Maus <mail@jens-maus.de>

Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>

Regards,
Yann E. MORIN.

> ---
> Changes v1 -> v2:
>   - extended follow-symlinks use (requested by Yann)
> 
> Signed-off-by: Jens Maus <mail@jens-maus.de>
> ---
>  support/scripts/mkusers | 9 +++++----
>  1 file changed, 5 insertions(+), 4 deletions(-)
> 
> diff --git a/support/scripts/mkusers b/support/scripts/mkusers
> index 2ac76f986..5bbec3e10 100755
> --- a/support/scripts/mkusers
> +++ b/support/scripts/mkusers
> @@ -219,12 +219,12 @@ add_one_group() {
>      fi
>  
>      # Remove any previous instance of this group, and re-add the new one
> -    sed -i -e '/^'"${group}"':.*/d;' "${GROUP}"
> +    sed -i --follow-symlinks -e '/^'"${group}"':.*/d;' "${GROUP}"
>      printf "%s:x:%d:\n" "${group}" "${gid}" >>"${GROUP}"
>  
>      # Ditto for /etc/gshadow if it exists
>      if [ -f "${GSHADOW}" ]; then
> -        sed -i -e '/^'"${group}"':.*/d;' "${GSHADOW}"
> +        sed -i --follow-symlinks -e '/^'"${group}"':.*/d;' "${GSHADOW}"
>          printf "%s:*::\n" "${group}" >>"${GSHADOW}"
>      fi
>  }
> @@ -263,7 +263,8 @@ add_user_to_group() {
>  
>      for _f in "${GROUP}" "${GSHADOW}"; do
>          [ -f "${_f}" ] || continue
> -        sed -r -i -e 's/^('"${group}"':.*:)(([^:]+,)?)'"${username}"'(,[^:]+*)?$/\1\2\4/;'  \
> +        sed -r -i --follow-symlinks \
> +                  -e 's/^('"${group}"':.*:)(([^:]+,)?)'"${username}"'(,[^:]+*)?$/\1\2\4/;'  \
>                    -e 's/^('"${group}"':.*)$/\1,'"${username}"'/;'                           \
>                    -e 's/,+/,/'                                                              \
>                    -e 's/:,/:/'                                                              \
> @@ -303,7 +304,7 @@ add_one_user() {
>  
>      # Remove any previous instance of this user
>      for _f in "${PASSWD}" "${SHADOW}"; do
> -        sed -r -i -e '/^'"${username}"':.*/d;' "${_f}"
> +        sed -r -i --follow-symlinks -e '/^'"${username}"':.*/d;' "${_f}"
>      done
>  
>      _gid="$( get_gid "${group}" )"
> -- 
> 2.11.0
> 
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

^ permalink raw reply	[flat|nested] 6+ messages in thread
* [Buildroot] [PATCH v2] support/scripts: allow /etc/shadow to be symlinked
  2017-06-12 13:35 ` [Buildroot] [PATCH v2] support/scripts: " Jens Maus
  2017-06-17 19:27   ` Yann E. MORIN
@ 2017-06-24 15:50   ` Thomas Petazzoni
  1 sibling, 0 replies; 6+ messages in thread
From: Thomas Petazzoni @ 2017-06-24 15:50 UTC (permalink / raw)
  To: buildroot

Hello,

On Mon, 12 Jun 2017 15:35:54 +0200, Jens Maus wrote:
> This commit fixes a problem where it was not possible to replace
> /etc/shadow with a symlink to a e.g. a user partition where the
> shadow file is placed. This is required, e.g. for systems where the
> rootfs is mounted read-only but users should still be able to be
> added. Thus, if within an filesystem overlay setup a user tries
> to replace /etc/shadow with a symlink to the real file on a user
> partition a buildroot build stops with an error message because
> sed is called on the symlink instead of following the symlink.
> This commit fixes this shortcoming.
> 
> Signed-off-by: Jens Maus <mail@jens-maus.de>
> 
> ---
> Changes v1 -> v2:
>   - extended follow-symlinks use (requested by Yann)

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com

^ permalink raw reply	[flat|nested] 6+ messages in thread
end of thread, other threads:[~2017-06-24 15:50 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-06-08 15:26 [Buildroot] [PATCH 1/1] support/scripts/mkusers: allow /etc/shadow to be symlinked Jens Maus
2017-06-11 13:48 ` Yann E. MORIN
2017-06-11 13:52 ` Yann E. MORIN
2017-06-12 13:35 ` [Buildroot] [PATCH v2] support/scripts: " Jens Maus
2017-06-17 19:27   ` Yann E. MORIN
2017-06-24 15:50   ` Thomas Petazzoni

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.