From 1aafc818a474230f8e69004683bb2ee0d3131e5f Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 21 Sep 2022 00:22:44 -0400 Subject: [PATCH] sshpwd-profile-iiab.sh.j2: Explain 'sudo -s' exception --- roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 b/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 index 1dc7d0c2f..7443f00ce 100755 --- a/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 +++ b/roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2 @@ -26,7 +26,7 @@ check_user_pwd() { # 2021-08-28: New OS's use 'yescrypt' so use Perl instead of Python (#2949) # This also helps avoid parsing the (NEW) 4th sub-field in $y$j9T$SALT$HASH - field2=$(sudo -n grep "^$1:" /etc/shadow | cut -d: -f2) || return 2 # TRY TO FORCE ERROR if /etc/shadow not readable even with sudo + field2=$(sudo -n grep "^$1:" /etc/shadow | cut -d: -f2) # sets field2 to "" if sudo -s fails to read /etc/shadow [[ $(perl -e "print crypt('$2', '$field2')") == $field2 ]] # # $meth (hashing method) is typically '6' which implies 5000 rounds