Acclaimed Contributor Acclaimed Contributor
Re: How do I explain this to an auditor?

>Just wonder how can user password be periodically changed per password policy, if no change of these files are allowed?"


I'm curious why an auditor would care about stricter permissions.  :-)


Also, if you use NIS, you don't change the passwd(4) file on the client systems.


>root is a special case in UNIX.  They ALWAYS have permission, no matter what.


If under NFS, there may be another special case.  If the export defaults to root-is-less-than-dirt, (nobody) he won't be able to write.

Nor will root be able to write to a read only filesystem.  :-)