How do I protect /etc/passwd and /etc/shadow from concurrent access? I don't see any locking mechanism in pwd.h. I see the manual for pwd_mkdb mentions obtaining a lock, but is it just locking the file for exclusive access?

Is there a convention for locking these files if I were to write a utility to modify them directly, or through the get/set/endpwent family of functions?

+2  A: 

I think most applications use PAM these days, don't they? http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/Linux-PAM_ADG.html. That said, you might look at the source for `pam_unix.so` to see how they do it. I looked in `pam_unix_passwd.c` and followed this:

/* update the password database(s) -- race conditions..? */

retval = unix_update_db(pamh, ctrl, user, pass_old, pass_new);

To here which has a lot of functions prefixed `pwdb`. Googling again revealed this which I think is the source for passwd.

As a result, I think editing these files is handled by libpwdb. Certainly I see includes to:

#include <pwdb/pwdb_public.h>
#include <pwdb/pwdb_shadow.h>

But `find . -name "*pwdb*" 2>/dev/null` has turned up nothing on my system so far.

Ninefingers