/etc/passwd is set to 444 for a lot of reqasons. If the passwd file cannot be read by ordinary users, many, many commands will fail. There are a lot of commands that raed the passwd file. For example: ls -l or ll. Change the passwd file so it's not readable and now these commands can only show numbers for usernames and groupnames. Other commands like finger, id and top and bascially any program that reports a username will fail. You'll also break your scripts that compare the output of id -un with "root" or other usernames will break.
It is really common to read Unix 101 books that warn about the vulnerability of the passwd file and not realize that this was solved decades ago with the shadow passwd file or the more secure method used by HP-UX, the TCB (Trusted Computing Base) design.
So your system won't crash and because login is a setUID program, it can log anyone into the system, but a lot of things won't work quite right--not something a system administrator needs to worry about. If security is a concern, convert to Trusted.
Bill Hassell, sysadmin
