- Re: How do I explain this to an auditor?
01-06-2014 01:59 PM
"When we review the file permissions of /etc/passwd (-r--r--r--) and /etc/shadow (-r---------), it seems that even the owner, root, cannot change the files. I just wonder how user passwords can be periodically changed per the password policy if no changes to these files are allowed?"
I never really thought about it and figured the system just managed it somehow via the policies. Is there a doc explaining this automagic process?
01-06-2014 02:15 PM
Regardless of file permissions, the root user ALWAYS has the ability to change a file.
If the owner of the file were a user other than root, then the file owner would NOT be able to change a file.
For example:
# touch abc123
# ll abc123
-rw-r--r-- 1 root sys 0 Jan 6 17:04 abc123
# echo "more text" > abc123
# ll abc123
-r--r--r-- 1 root sys 10 Jan 6 17:05 abc123
# chown pwallek abc123
# ll abc123
-r--r--r-- 1 pwallek sys 10 Jan 6 17:05 abc123
# echo "more text" >> abc123
# ll abc123
-r--r--r-- 1 pwallek sys 20 Jan 6 17:07 abc123
Notice that root can still change the file, even though it is owned by 'pwallek'.
# su - pwallek
$ ll abc123
-r--r--r-- 1 pwallek sys 20 Jan 6 17:07 abc123
$ echo "more text pwallek" >> abc123
su: abc123: Cannot create the specified file.
Even though I logged in as pwallek I still can't change the file I own because it is read-only.
root, or more accurately ANY user with a UID of 0, is a special case in UNIX. They ALWAYS have permission, no matter what. If you use 'vi' to edit a read-only file as root, you can force it to save the file by doing a 'w!' (write - force). That is the only time that works though.
<SOAP BOX>
The bigger issue here is not your ability to explain to the auditor why this works, it is the auditor's lack of understanding of basic UNIX principles. The auditor should NOT have to ask a question like that. Anyone with a basic amount of UNIX sys admin knowledge should already know why.
I have never understood how an auditor can effectively audit systems when he/she lacks even a basic understanding of the underlying OS. I don't care what the OS is.
I actually pissed off an auditor one time a few years ago by asking that very question. He wasn't very happy with me, and I didn't care!
<OFF SOAP BOX>
01-06-2014 02:37 PM - edited 01-06-2014 02:41 PM
Re: How do I explain this to an auditor?
This is an interesting post regarding the 'root' user in UNIX/LINUX:
http://www.linfo.org/root.html
And here is a good book excerpt regarding root/UID 0:
http://docstore.mik.ua/orelly/networking/puis/ch04_02.htm
Note this phrase in the above link:
Filesystem Control: Read, modify, or delete any file or program on the system
<Edited by PW>
01-08-2014 08:35 PM
Re: How do I explain this to an auditor?
>Just wonder how can user password be periodically changed per password policy, if no change of these files are allowed?"
I'm curious why an auditor would care about stricter permissions. :-)
Also, if you use NIS, you don't change the passwd(4) file on the client systems.
>root is a special case in UNIX. They ALWAYS have permission, no matter what.
If under NFS, there may be another special case. If the export defaults to root-is-less-than-dirt, (nobody) he won't be able to write.
Nor will root be able to write to a read only filesystem. :-)
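As an added illustration (not code from any of the posters), the following Python script encodes the permission decision the solution post demonstrates with the abc123 session, together with the two exceptions raised in the last reply (NFS root squash and a read-only filesystem), and adds the kind of check an auditor actually wants run against passwd and shadow: that the mode carries no bits beyond the expected -r--r--r-- / -r-------- and that root owns the file. The uids and gid for pwallek, sys and nobody are constructed assumptions, and the audit is run against a scratch file rather than the real /etc/shadow so it works unprivileged.

```python
import os
import stat
import tempfile

# Constructed values for the illustration; not taken from the thread.
ROOT_UID = 0
NOBODY_UID = 65534     # anonymous uid an NFS server typically squashes root to (assumed)
PWALLEK_UID = 1001     # assumed uid for the 'pwallek' account in the post
SYS_GID = 3            # assumed gid for the 'sys' group in the post


def may_write(mode, file_uid, file_gid, uid, gids, readonly_fs=False, root_squash=False):
    """Classic UNIX discretionary-access decision for a write to a regular file.

    mode         permission bits of the file, e.g. 0o444 for -r--r--r--
    file_uid     owning uid; file_gid owning gid
    uid, gids    the requesting process's uid and its set of group ids
    readonly_fs  filesystem mounted read-only: nobody writes, root included
    root_squash  NFS export maps uid 0 to the anonymous uid before the check
    """
    if readonly_fs:
        return False
    if root_squash and uid == ROOT_UID:
        # Squashed root reaches the server as the anonymous user and is
        # judged by the 'other' bits like any unrelated user.
        uid, gids = NOBODY_UID, set()
    if uid == ROOT_UID:
        return True                         # uid 0 is not subject to the mode bits
    if uid == file_uid:
        return bool(mode & stat.S_IWUSR)    # owner class: only the owner bits count
    if file_gid in gids:
        return bool(mode & stat.S_IWGRP)    # group class
    return bool(mode & stat.S_IWOTH)        # everyone else


def audit_file(path, max_mode, expected_uid=ROOT_UID):
    """Findings for a file that should be owned by expected_uid and carry no
    permission bits beyond max_mode (0o444 for passwd, 0o400 for shadow)."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    extra = mode & ~max_mode
    if extra:
        findings.append(f"{path}: mode {mode:04o} has bits {extra:04o} beyond {max_mode:04o}")
    if st.st_uid != expected_uid:
        findings.append(f"{path}: owned by uid {st.st_uid}, expected {expected_uid}")
    return findings


def replay_thread_scenario():
    """Replay the abc123 session (mode 0o444, owned by pwallek) as DAC decisions."""
    mode = 0o444
    return {
        "root writes file owned by pwallek":
            may_write(mode, PWALLEK_UID, SYS_GID, ROOT_UID, {SYS_GID}),
        "pwallek writes his own read-only file":
            may_write(mode, PWALLEK_UID, SYS_GID, PWALLEK_UID, {SYS_GID}),
        "root over NFS with root squash":
            may_write(mode, PWALLEK_UID, SYS_GID, ROOT_UID, {SYS_GID}, root_squash=True),
        "root on a read-only mount":
            may_write(mode, PWALLEK_UID, SYS_GID, ROOT_UID, {SYS_GID}, readonly_fs=True),
    }


if __name__ == "__main__":
    for case, allowed in replay_thread_scenario().items():
        print(f"{case}: {'allowed' if allowed else 'denied'}")
    # Audit a scratch file instead of the real /etc/shadow so this runs unprivileged.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        scratch = tmp.name
    os.chmod(scratch, 0o400)
    print(audit_file(scratch, 0o400, expected_uid=os.getuid()) or "scratch file passes the shadow-style check")
    os.chmod(scratch, 0o644)
    print(audit_file(scratch, 0o400, expected_uid=os.getuid()))
    os.unlink(scratch)
```

The decision function only models the write case; it is the one the thread discusses, and it is also the one where uid 0 bypasses the bits unconditionally. The audit helper deliberately flags extra bits rather than demanding an exact mode, so -r-------- on shadow passes a 0o400 policy while -rw------- does not.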