The way Solaris locks and edits passwd/shadow files is pretty cool.
It points the way for doing passwd/shadow file updates atomically and
safely. A good way to do this, though slightly different from the way
Solaris does it, may be to:
- open("/etc/ptmp", O_WRONLY | O_CREAT | O_EXCL, 600)
- open("/etc/stmp", O_WRONLY | O_CREAT | O_EXCL, 600)
- stream edit /etc/passwd into /etc/ptmp
- stream edit /etc/shadow into /etc/stmp
- rename("/etc/stmp", "/etc/shadow")
- chmod("/etc/ptmp", 444)
- rename("/etc/ptmp", "/etc/passwd")
The two renames are not atomic together, but that's ok. As long as all
lockers lock both files in the same order all's ok. Some simple
heuristics can help deal with any system crash between the two renames.
I think SunOS 4.x even used to check, at boot time, if /etc/passwd was
missing and if there was an /etc/ptmp file it would be renamed to
/etc/passwd.
Nico
--
