This file is indexed.

/usr/sbin/nssldap-update-ignoreusers is in libnss-ldap 264-2.2ubuntu2.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
#!/bin/sh -e
#
#    nssldap-update-ignoreusers
#    Copyright (C) 2008 Canonical Ltd.
#    Author: Dustin Kirkland <kirkland@canonical.com>
#
#    This program is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License version 3,
#    as published by the Free Software Foundation.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
#


# Location of LDAP's nss_* configuration
CONF=/etc/ldap.conf
if [ ! -s $CONF ]; then
	exit 0
fi

# Location of logged $CONF changes
LOGDIR="/var/lib/libnss-ldap"

# Load threshold for ignoring uid's from $CONF
MIN=`grep "^nss_initgroups_minimum_uid " $CONF | tail -n 1 | awk '{print $2}'`

# If unspecified, set to 1000 (ignore local system id's) to prevent boot hang
if [ -z $MIN ]; then
	MIN=1000
fi

# Load existing list of ignored users from ldap.conf
LOADED_USERS=`grep "^nss_initgroups_ignoreusers " $CONF | tail -n 1 | awk '{print $2}'`

# Build list of users to ignore based on specified minimum UID
users=`cat /etc/passwd | awk -F":" '{if ($3 <'$MIN') print $1 ","}' | xargs -i echo -n {}`

# Merge the two lists, remove whitespace, sort alphabetically, prune duplicates
users=`echo "$LOADED_USERS,$users" | sed "s/ //g" | sed "s/,/\n/g" | sort | uniq | xargs -i echo -n {},`

# Removing any leading or trailing commas
users=`echo "$users" | sed "s/^,//" | sed "s/,$//"`
confline="nss_initgroups_ignoreusers $users"

# Build new conf file
tmpfile=`mktemp`
cat $CONF > $tmpfile
if grep "^nss_initgroups_ignoreusers " $CONF >/dev/null; then
	sed -i "s/^nss_initgroups_ignoreusers .*$/$confline/g" $CONF
else
	echo $confline >> $CONF
fi

# If changes have occured, log the difference
if ! diff -up $tmpfile $CONF >/dev/null; then
	timestamp=`date +%Y%m%d%H%M%S`
	mkdir -p $LOGDIR 2>/dev/null || true
	diff -up $tmpfile $CONF > $LOGDIR/ldap.conf.$timestamp.diff || true
	logger -p syslog.info -t libnss-ldap "Modified $CONF, see changes in $LOGDIR/ldap.conf.$timestamp.diff"
fi
rm -f $tmpfile

exit 0