HPE Community
Operating System - HP-UX
1823942 Members
3504 Online
109667 Solutions
New Discussion юеВ

passwd file permission (OS Internal)

 
SOLVED
Go to solution
Senthil Kumar V
Occasional Advisor

тАО02-25-2005 09:46 PM

тАО02-25-2005 09:46 PM

passwd file permission (OS Internal)

Dear Friends,

users other than root don't have permission to write the /etc/passwd file. How the passwd changes are happening for non-root users?

regards,

Senthil
0 Kudos
6 REPLIES 6
Suraj Singh_1
Trusted Contributor

тАО02-25-2005 10:10 PM

тАО02-25-2005 10:10 PM

Re: passwd file permission (OS Internal)

Hi Santhil,

Have a look at the permissions of /sbin/passwd file, i.e., run
# ll /sbin/passwd
you will get the permissions something like this:
-r-sr-xr-x 1 root bin 229376 Nov 7 1997 passwd
Pls. go through the man pages of chmod and you will get the answer.
What we cannot speak about we must pass over in silence.
0 Kudos
Darrel Louis
Honored Contributor

тАО02-25-2005 10:31 PM

тАО02-25-2005 10:31 PM

Re: passwd file permission (OS Internal)

Senthil,
File Owner Permission
/usr/bin/passwd - root:root 4555
Command used to change a password, with the SUID set the non-root users will be able to change the password.

Permissions on /etc/passwd:
/etc/passwd root:root 444
File containing user accounts

For security reason, look at Trusted/Shadow
password.

Good Luck,

Darrel
0 Kudos
Bill Hassell
Honored Contributor

тАО02-26-2005 09:28 AM

тАО02-26-2005 09:28 AM

Re: passwd file permission (OS Internal)

What changes are being made? Anyone can change their password (the second field n the passwd file) or their login shell (using chsh). If users are being deleted or added without your knowledge, then you should consider the possibility that your system has been compromised. Use pwck to check the passwd file. Then see if there are duplicate user IDs in passwd (use: logins -d). Any UID=0 accounts other than root are very bad! Change the root password immediately. Check the shell history for root: .sh_history


Bill Hassell, sysadmin
0 Kudos
Taulant Shamo
Frequent Advisor

тАО02-27-2005 12:16 AM

тАО02-27-2005 12:16 AM

Re: passwd file permission (OS Internal)

Hi Senthil,

1. Log as Root

2. Check the passwd file permission:
$ll /etc/passwd
-r--r--r--

3. If is not like above change it by command:
$chmod 444 /etc/passwd

4. Check it again and should be:

$ll /etc/passwd
-r--r--r--

-r--r--r--
u g o

user=u group=g other=o
r-- r-- r--
4=read
2=write
1=execude

7=4+2+1 = rwx read write execude
all permissions

This is the way of reasoning.


Bye
Taulant
0 Kudos
Ranjith_5
Honored Contributor

тАО02-27-2005 01:04 AM

тАО02-27-2005 01:04 AM

Solution

Re: passwd file permission (OS Internal)

Hi Senthil,

I understand your doubt.

There is something like SUID.Unix allows programs to be endowed with privileges that belong to another user (such as root). Unix uses three of the twelve mode bits to support special permissions. These permissions are named SetUID (SUID), SetGID (SGID), and sticky bit permissions. Files that have the SUID bit set will run with effective user UID of the owner of the file. Files that have the SGID bit set will run with the effective group ID of the group owner of the file. Files with the sticky bit have special properties. Regular files with the sticky bit set are supposed to remain in the swap file after they have finished execution. This was to provide better performance to the system and not force commonly accessed programs to be loaded from swap each time. On directory files, the sticky bit is interpreted in such a way that only the owner of the file in that directory can delete a file. This is generally used with the /tmp directory so that users cannot delete other users files even though all users The SUID and SGID permissions are indicated with the ls -l command. A s in the execute field for owner or group indicates SUID or SGID respectively. The sticky bit is indicated in the ls -l command by a t in the execute bit for others.

See the permissions of the #passwd command.

Server1>#ls -al /usr/bin/passwd
-r-sr-xr-x 5 root bin 53248 May 18 2003 /usr/bin/passwd


This means there is SUID set for the binary /usrbin/passwd. that means when executing /usr/bin/passwd it executes with root permission and so able to edit /etc/passwd and change password. Some constriants are also hard coded in the passwd binary so that all the users exept root, can only change their own passwd.

But you cannot use vi command to edit the /etc/passwd as a normal user since you dont have write permission.

Server1>#ls -al /etc/passwd
-r--r--r-- 1 root root 1398 Feb 22 11:00 /etc/passwd

See

http://docs.hp.com/en/B2355-60103/setresuid.2.html

For detailed study, read "Files and Directory Permissions" part of any unix study guide. If you have Rafeeq Ur Rahman's Book it mentioned in detail there.

Regards,
Syam
0 Kudos
Senthil Kumar V
Occasional Advisor

тАО02-27-2005 03:07 PM

тАО02-27-2005 03:07 PM

Re: passwd file permission (OS Internal)

Dear Shyam,

Thanks for your detailed clarification.

with regards,

Senthil
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.