On Thu, 2007-06-14 at 10:44 -0400, Jarod Wilson wrote: > Tom "spot" Callaway wrote: > > On Thu, 2007-06-14 at 10:14 -0400, Simo Sorce wrote: > >> On Thu, 2007-06-14 at 08:44 -0500, Tom "spot" Callaway wrote: > >> > >>> A possible improvement I could see would be to change the tool to ask > >>> pam if the user exists, as opposed to simply looking > >> I guess you mean NSS > >> > >>> in /etc/passwd, /etc/group, as that would better cover network user > >>> conflicts. > >> If you don't already do it, you should _really_ do it and quickly. > >> Checking /etc/passwd directly today is not acceptable IMO, NSS has been > >> introduced exactly to decouple user querying from knowledge of the > >> underlying db and mechanisms used. > > > > So... since I know pam but not NSS, is there a way to ask that question > > (does a user/group exist) on the commandline with existing NSS tools? > > Do these achieve the desired results? No. > # getent passwd | cut -d: -f1 | grep -c <user> > > # getent group | cut -d: -f1 | grep -c <group> It is advised to query the specific name required, the posix specification allow for backends not to reply all or any of the accounts in the db. But you have to replay if a specific user/group is requested. On very large environments (nis, ldap, winbindd) listing all the accounts and then grepping out the one you need is a complete waste of resources anyway and also a possibly very, very long operation. so the right method might be: getent passwd <user> >/dev/null getent group <group> >/dev/null if the user/group exist then 0 is returned if not then non zero (2 iirc) is returned Simo. -- Fedora-packaging mailing list Fedora-packaging@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-packaging
