Protecting /etc/passwd and /etc/shadow from concurrent access
How do I protect /etc/passwd and /etc/shadow from concurrent access? I don't see any locking mechanism in pwd.h. I see the manual for pwd_mkdb mentions obtaining a lock, but is it just locking the file for exclusive access?
Is there a convention for locking these files if I were to write a utility to modify them directly, or through the get/set/endpwent family of functions?
I think most applications use PAM these days, don't they? http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/Linux-PAM_ADG.html. That said, you might look at the source for `pam_unix.so' to see how they do it. I looked in pam_unix_passwd.c and followed this:
/* update the password database(s) -- race conditions..? */
retval = unix_update_db(pamh, ctrl, user, pass_old, pass_new);
To here which has a lot of functions prefixed `pwdb'. Googling again revealed this which I think is the source for passwd.
As a result, I think editing these files is handled by libpwdb. Certainly I see includes to:
#include <pwdb/pwdb_public.h>
#include <pwdb/pwdb_shadow.h>
But find . -name "*pwdb*" 2>/dev/null has turned up nothing on my system so far.