Many thanks to everyone who responded on the C2 question. I
still haven't fixed things, but the pointers I needed have arrived
and I wanted to get out a quick summary because the information
indicated that this has happened to more than one of us...:(.
The idea of doing it manually is truly abhorrent to me, because,
heck, that's why I got a computer, right? However, I want to
note that several people pointed out that one could rebuild things
manually by going through the /tcb/auth/files/* and grabbing
the information that way, appending each one as needed. On a
4,000+ user system this seems like a recipe for insanity, and
I'm crazy enough without...
On the automated side, Spider Boardman and Randy Hayman
both had solutions (as yet untested, but good lookin' and
above average and seemingly realistic). Spider writes:
-----------------quote begins here----------------
You didn't say what version of Digital UNIX. It matters as to
how easy the recovery can be. Two outlines of instructions
follow, the first for pre-V4.0 systems and the second for V4.0.
These are not well-tested, since I'm assuming you'd like as quick
a recovery as possible, and the time it would take me to test
them more fully would be a delay that you may not want to afford.
This is particularly the case for the pre-V4.0 instructions,
since I have no pre-V4 machines for testing.
(Approximate) recovery setup for pre-V4 systems:
# cd /tcb/files/auth
# find ? \! -name '.*' -type f -print | xargs grep ':u_id#' > /tmp/xx
(Tailor the following sed script to suit your installation. In part, this
depends on the default groups for your users and the default home directories.)
(The following line was broken at a space to try to ensure that it would pass
through e-mail OK. Re-join the two following lines with a single space for
separation to restore.)
# sed 's@^.*:u_name=\([^:]*\):u_id#\([^:]*\):.*$@\1:*:\2:15:Recovery
entry for user \1,,,:/home/\1:/bin/csh@' /tmp/xx > /tmp/yy
# : this step may need repetition until it works
# ln /etc/passwd /etc/ptmp # get the lock file
# : The following assumes running under ksh to do this.
# : Start a ksh sub-shell if necessary.
# exec 3</tmp/yy
# while read -u3 line
  do
      u="${line%%:*}"
      grep -s -q "^${u}:" /etc/passwd && continue
      print -r - "$line" >> /etc/passwd
  done
# rm -f /etc/ptmp # unlock the file
# rm -f /tmp/xx /tmp/yy # clean up
(Approximate) instructions for V4.0 systems:
# convuser -dN | xargs edauth -g > /tmp/xx
(Use the sed script instructions from above, and the linking of /etc/passwd to
/etc/ptmp to lock the passwd file.)
# cat /tmp/yy >> /etc/passwd
(The convuser command weeded out duplicates already, unlike the pre-V4.0 case.)
# rm -f /tmp/xx /tmp/yy /etc/ptmp
---------------end of Spider's specifics, though he wished me luck :)-----
From Randy comes this:
I've got some code which will list all users in the TCB database with certain
other data as well. I've written a suite of Digital UNIX/Enhanced Security
account maintenance utilities. user_list, which when run with no options
will list all users in the TCB database, the UID, last login, and last password
change times:
haymanr@icefog> /local/sbin/user_list
Reporting date: Monday 22 July 1996 15:47:14
Account    UID    LastLogin    LastPWDchg
---------  -----  -----------  -----------
adm        10     never        never
auth       6      never        never
bin        3      never        never
cron       7      never        never
daemon     1      never        never
lp         8      never        never
root       0      960718@0835  960712@1537
...
...
entries printed: 18
The source, man pages, administrator's guide, and setld installable subset
are available via
ftp://raven.alaska.edu/pub/randy/zuausr/zuausr-1.08a.tar.gz
Randy M. Hayman
haymanr_at_icefog.alaska.edu
---------end of Randy's submission--------------
Now everyone cross your fingers, and thanks to everyone who responded.
::db
W. David Barnhill Barnhill_at_oz.sunflower.org
Director, Technical Services www.sunflower.org/~barnhill
Sunflower Network, Inc. webman_at_oz.sunflower.org
Received on Tue Jul 23 1996 - 16:47:54 NZST
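
Added example (not part of the original message, and not Spider's or Randy's code): the record-to-passwd transformation from the sed step above, written so that candidate entries land in a staging file for review, and malformed records, repeated names and non-root UID 0 entries are filtered out first. The record layout, the function name tcb_to_passwd and the sample data are assumptions; GID 15, /home/NAME and /bin/csh are the post's own placeholder defaults.

```shell
#!/bin/sh
# Added example, not from the original message. Assumes records shaped like
# "[file:]name:u_name=NAME:u_id#UID:..." as matched by the post's sed pattern.
# tcb_to_passwd RECORDS PASSWD: candidate lines on stdout, rejects on stderr.
tcb_to_passwd() {
    awk -F: -v pw="$2" '
    BEGIN {  # remember names already present in the existing passwd file
        while ((getline l < pw) > 0) { split(l, f, ":"); have[f[1]] = 1 }
    }
    {
        name = ""; uid = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^u_name=/) name = substr($i, 8)
            else if ($i ~ /^u_id#/) uid = substr($i, 6)
        }
        # Refuse anything that could smuggle odd characters into passwd.
        if (name !~ /^[A-Za-z_][A-Za-z0-9_.-]*$/ || uid !~ /^[0-9]+$/) {
            print "reject (malformed): " $0 > "/dev/stderr"; next
        }
        # A rebuilt entry must never hand out UID 0 under another name.
        if (uid + 0 == 0 && name != "root") {
            print "reject (uid 0 for non-root): " name > "/dev/stderr"; next
        }
        if (name in have) next   # already in passwd, or a repeated record
        have[name] = 1
        # "*" password field; GID 15, home and shell are the post defaults.
        printf "%s:*:%s:15:Recovery entry for user %s,,,:/home/%s:/bin/csh\n",
               name, uid, name, name
    }' "$1"
}

# Constructed sample input (not real account data).
work=$(mktemp -d)
cat > "$work/xx" <<'EOF'
a/alice:alice:u_name=alice:u_id#1001:\
b/bob:bob:u_name=bob:u_id#1002:\
r/root:root:u_name=root:u_id#0:\
e/eve:eve:u_name=eve:u_id#0:\
m/bad:bad:u_name=ba d:u_id#12x:\
a/alice:alice:u_name=alice:u_id#1001:\
EOF
printf 'root:*:0:1:system PRIVILEGED account:/:/bin/sh\n' > "$work/passwd"

# Stage the result for review instead of appending to the live file.
tcb_to_passwd "$work/xx" "$work/passwd" > "$work/yy" 2> "$work/rejects"
cat "$work/yy"
```

Only after the staged file and the reject list have been read would the staged lines be appended to the real passwd file under the /etc/ptmp lock described above.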