[Mono-dev] [PATCH] Bug in Mono.Posix handling '+::::::' entry in /etc/passwd

Jonathan Pryor jonpryor at vt.edu
Mon Apr 27 19:58:14 EDT 2009

On Mon, 2009-04-27 at 23:41 +0200, Robert Jordan wrote:
> Jonathan Pryor wrote:
> > So why do you have '+::::::' in your /etc/passwd to begin with?  That's
> > not a valid entry anyway (no user id)!
> It's for NIS.
> '+::::::' -> include all users returned by the NIS passwd map.
> '-::::::' -> allow only local users.
> '+robertj::::::' -> include only 'robertj'
> '-robertj::::::' -> exclude robertj.

This may be wrong, but [0] implies differently, saying that an entry of
'+:*:0:0:::' to include all users returned by NIS.

> The question is: why are those entries returned in the first
> place by getpwent on the machine of the OP?

Good question, as the LDP getpwent(3) man page suggests that NIS entries
should be returned "inline":

        The getpwent() function returns a pointer to a structure
        containing the broken-out  fields  of  a  record from the
        password database (e.g., the local password file /etc/passwd,
        NIS, and LDAP).

Perhaps I'm mis-reading that, but it implies to me that if NIS is
configured properly getpwent(3) should actually return NIS entries, not
return the '+:...' record from /etc/passwd directly.  (Does anybody have
NIS setup to see what getpwent(3) actually does?)

In any event, I believe it's a Bad Idea (TM) for
UnixUserInfo.GetLocalUsers() to start skipping entries that getpwent(3)
is returning.  If a user should be skipped, then the code calling
UnixUserInfo.GetLocalUsers() should skip it, otherwise we're silently
dropping data in a difficult-to-debug manner.

 - Jon

[0] http://userpages.umbc.edu/~jack/ifsm498d/llb-nis.html

More information about the Mono-devel-list mailing list