SVR3 passwd changes mode of passwd file
David Elliott
dce at mips.COM
Thu Sep 22 00:49:06 AEST 1988
In article <1235 at cbnews.ATT.COM> lvc at cbnews.ATT.COM (Lawrence V. Cipriani) writes:
>In article <3394 at dunkshot.mips.COM> dce at mips.COM (David Elliott) writes:
>>
> ...
>>I have had a couple of complaints about this [/bin/passwd changes mode of
>>/etc/passwd explicitly to 0444 -lvc], and would like to decide on a solution.
>>Is it reasonable to have passwd fix the mode of the new /etc/passwd
>>to be the same as the current /etc/passwd?
>
>No, unless you don't give a darn about security. What exactly is your
>complaint about mode 0444 on /etc/passwd? Anything one should be allowed
>to do to /etc/passwd should be done by root or the owner of /etc. A
>carefully coded suid to root should do the job. Please elaborate what your
>need is.

I have no complaint. I have no need. Maybe I should make it clearer.
A customer of ours who uses BSD Unix complained that "something" was
changing the mode of /etc/passwd from 0644 (which he set it to) to 0444.
I believe that the complaint was that he had to use ":w!" in vi (I know,
vi'ing the password file is wrong, but we haven't had time to add a vipw
program yet).

On the other hand, let's remember what we're talking about here. If I
want to create a file whose name contains spaces, Unix lets me. If I
want to set up a file with mode 0002, Unix lets me. This is one of the
aspects of the Unix philosophy. Why should Unix change the mode of
my password file if I set it to something explicitly?

This isn't a case of security. If he has to, this customer is going to
set up a cron job to "fix" the mode of /etc/passwd because that's the
mode he wants it to have.
--
David Elliott dce at mips.com or {ames,prls,pyramid,decwrl}!mips!dce
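
The option raised in the message above (the rewritten /etc/passwd gets the mode of the current one rather than a fixed 0444) can be sketched as follows. This is an added example, not code from the post or from the SVR3 passwd source; the function names, the scratch path and the sample entry are hypothetical, and file locking and ownership handling are left out.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>
/* Replace path with data, giving the new file the permission bits of the
 * old one (not a fixed 0444). Returns 0 on success, -1 on failure. */
int replace_preserving_mode(const char *path, const char *data, size_t len)
{
    struct stat st;
    char tmp[4096];
    int fd, ok;
    if (stat(path, &st) != 0)
        return -1;
    /* Temp file beside the target, so rename() stays on one filesystem. */
    if (snprintf(tmp, sizeof tmp, "%s.XXXXXX", path) >= (int)sizeof tmp)
        return -1;
    if ((fd = mkstemp(tmp)) < 0)              /* created with mode 0600 */
        return -1;
    ok = write(fd, data, len) == (ssize_t)len
      && fchmod(fd, st.st_mode & 07777) == 0  /* copy old permission bits */
      && fsync(fd) == 0;
    ok = (close(fd) == 0) && ok;
    if (!ok || rename(tmp, path) != 0) {      /* rename() swaps it in atomically */
        unlink(tmp);
        return -1;
    }
    return 0;
}

/* Constructed demo: make a scratch file with mode `initial`, replace it once,
 * and return the mode it ends up with, or (mode_t)-1 on error. */
mode_t demo_roundtrip(mode_t initial)
{
    char path[] = "/tmp/passwd-demo.XXXXXX";       /* hypothetical scratch name */
    const char *line = "root:x:0:0::/:/bin/sh\n";  /* constructed sample entry */
    struct stat st;
    mode_t result = (mode_t)-1;
    int fd = mkstemp(path);
    if (fd < 0)
        return result;
    if (fchmod(fd, initial) == 0
        && replace_preserving_mode(path, line, strlen(line)) == 0
        && stat(path, &st) == 0)
        result = st.st_mode & 07777;
    close(fd);
    unlink(path);
    return result;
}
```

Because the new file starts at 0600 and only receives the old bits just before rename(), it is never more permissive than the file it replaces.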