Inaccessible password files
Steven M. Kramer
smk at linus.UUCP
Sun Jul 17 17:26:39 AEST 1983
Using the passwd file again for a utility is not exactly kosher as
far as good security/separation/... goes. The passwd is the authentication
mechanism for you to gain access to the system (thought of as a resource
in a way). You are now using the SAME entry device for another
resource. What you have done is munged the idea of separation of
resources. I agree with the idea of least privilege, but you'll see
it works much better with another authentication mechanism. I
suggest using another set of passwords. Then you'll get both
separation, least privilege, and you can protect BOTH passwd files
separately.
--
--steve kramer
{allegra,genrad,ihnp4,utzoo,philabs,uw-beaver}!linus!smk (UUCP)
linus!smk at mitre-bedford (ARPA)
More information about the Comp.unix.wizards
mailing list