Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How the /etc/passwd file is written when user does not have permission
Top Forums UNIX for Dummies Questions & Answers How the /etc/passwd file is written when user does not have permission Post 302223666 by buffoonix on Monday 11th of August 2008 04:25:18 AM
Old 08-11-2008
Does this really smell like homework?
I would have taken it for a legitimate newbie question,
especially since it was posted in the Dummies section.

Have a look at the user interface's binary to change one's password
which is the command passwd
Code:
$ ls -l /usr/bin/passwd 
-rwsr-xr-x 1 root root 22960 Jul 17  2006 /usr/bin/passwd

As you can see from the owner's (i.e. root) perm bits instead of the usual x
for execute there appears an s, the so called suid bit (that's what era referred to).
This means that although most of the times executed by ordinary users,
the command actually runs under the effective uid of root who is the only one on the system (normally) who is allowed to write to the file /etc/passwd.

If you look at the perms of the ping command you will find another suid binary
because ordinary users are not allowed to emit ICMP echo request packets.

Because of the security implications those elevated privileges impose
you generally will find only very few suid enabled executables on most Unix systems.
And their number should be observed in e.g. security audits or when hardening a system.
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Looking for specific user ID's from the passwd file

Hello, My issue is that I want to look for specific users that have their first and last initial followed by four numbers. For example: ab1234 I've already got the user ID's out of the passwd file more passwd | awk -F ":" '{print $1}' > userids I just need to know how to just pick... (8 Replies)
Discussion started by: LinuxRacr
8 Replies

2. Solaris

Solaris 8 passwd locked out − permission denied

Hi Gurus, i have ussers cannot change their passwords, neither can root change the user's password. O.S. Solaris 8 up−to−date on security patchaes as far as I know. Examples (names have been changed to protect the guilty): User logged on: $ passwd passwd: Changing password for <user>... (8 Replies)
Discussion started by: raziayub
8 Replies

3. UNIX for Dummies Questions & Answers

granting permission to file/directory to a specific user

hello, I would like to grant full access to a directory which is owned by root and the web application that created it. I have though of adding the permission to the whole world, but for security reason I would like to grant it to one more user. I have tried this 'chmod -U newUser+wrx... (2 Replies)
Discussion started by: run123
2 Replies

4. AIX

Change file permission by anothere user !

Guy's we are in AIX 5.3 We have created two users user1 and user2 and they are under same group Staff Group user1 will create file under /tmp/ and this is the permission of this file -rw-r--r-- 1 user1 staff 1 Jun 13 09:47 file user2 is under same group and when he... (14 Replies)
Discussion started by: ITHelper
14 Replies

5. UNIX for Advanced & Expert Users

Determining if user is local-user in /etc/passwd or LDAP user

Besides doing some shell-script which loops through /etc/passwd, I was wondering if there was some command that would tell me, like an enhanced version of getent. The Operating system is Solaris 10 (recent-ish revision) using Sun DS for LDAP. (5 Replies)
Discussion started by: ckmehta
5 Replies

6. AIX

Permission to a external user to a file

Is there any possible way to give permission to a user to a file whose not a member of that group. Also the permission of the file shouls be given only to that USER but not all OTHERS. Thanks in Advance for ur replies/suggestions... (5 Replies)
Discussion started by: ksailesh
5 Replies

7. Red Hat

useradd w/o write permission on /etc/passwd

Hi root user creates a user using the useradd command. This command creates an entry in the /etc/passwd file. /etc/passwd file has rw permission for the root user. Now, if I happen to remove the w permission for the root user, useradd command still is successfully creating entry in the... (3 Replies)
Discussion started by: guruprasadpr
3 Replies

8. Shell Programming and Scripting

Matching user alias's to their ID's in the passwd file

Hi, I've a user alias file in the below format.. I need to change all the ID's that come after the = sign (with some multiple ID's which are separated by comma's) to their respective users that are contained in the passwords file.. Whats the best way to go about this.. Some sort of sed command in... (2 Replies)
Discussion started by: Jazmania
2 Replies

9. UNIX for Dummies Questions & Answers

User info not present in passwd file

I have logged into a box with some userid,but in this box der is no entry for this userid in /etc/passwd file.this box is used by multiple users but none of them have their enteries in passwd file but for each user there is a directory in /home like for user1 /home/user1 for user2... (5 Replies)
Discussion started by: Jcpratap
5 Replies

10. UNIX for Advanced & Expert Users

Passwd file define user with special character

Hi all , The FTP user defind in my passwd file has ! in the hash password field and i want to know way is that its usually either MD5(Unix) hash or * can anyone explain to me i'm new for unix and want to learn this how my passwd file looks : ... (2 Replies)
Discussion started by: dahash11
2 Replies

LEARN ABOUT SUNOS

d_passwd

d_passwd(4)							   File Formats 						       d_passwd(4)

NAME

       d_passwd - dial-up password file

SYNOPSIS

       /etc/d_passwd

DESCRIPTION

       A  dial-up  password is an additional password required of users who access the computer through a modem or dial-up port. The correct pass-
       word must be entered before the user is granted access to the computer.

       d_passwd is an ASCII file which contains a list of executable programs (typically shells) that require a dial-up password and  the  associ-
       ated encrypted passwords. When a user attempts to log in on any of the ports listed in the dialups file (see dialups(4)), the login program
       looks at the user's login entry stored in the passwd file (see passwd(4)), and compares the login shell field to the entries  in  d_passwd.
       These entries determine whether the user will be required to supply a dial-up password.

       Each entry in d_passwd is a single line of the form:

       login-shell:password:

       where

       login-shell     The name of the login program that will require an additional dial-up password.

       password        An  encrypted  password. Users accessing the computer through a dial-up port or modem using login-shell will be required to
		       enter this password before gaining access to the computer.

       d_passwd should be owned by the root user and the root group. The file should have read and write permissions for the owner (root) only.

       If the user's login program in the passwd file is not found in d_passwd or if the login shell field in passwd is empty, the user must  sup-
       ply  the  default  password.  The default password is the entry for /usr/bin/sh. If d_passwd has no entry for /usr/bin/sh, then those users
       whose login shell field in passwd is empty or does not match any entry in d_passwd will not be prompted for a dial-up password.

       Dial-up logins are disabled if d_passwd has only the following entry:

       /usr/bin/sh:*:

EXAMPLES

       Example 1: Sample d_passwd file.

       Here is a sample d_passwd file:

       /usr/lib/uucp/uucico:q.mJzTnu8icF0:
       /usr/bin/csh:6k/7KCFRPNVXg:
       /usr/bin/ksh:9df/FDf.4jkRt:
       /usr/bin/sh:41FuGVzGcDJlw:

   Generating An Encrypted Password
       The passwd (see passwd(1)) utility can be used to generate the encrypted password for each login program. passwd generates encrypted  pass-
       words  for  users  and places the password in the shadow (see shadow(4)) file. Passwords for the d_passwd file will need to be generated by
       first adding a temporary user id using useradd (see useradd(1M)), and then using passwd(1) to generate the desired password in  the  shadow
       file. Once the encrypted version of the password has been created, it can be copied to the d_passwd file.

       For example:

       1.
	   Type useradd tempuser and press Return. This creates a user named tempuser.

       2.  Type passwd tempuser and press Return. This creates an encrypted password for tempuser and places it in the shadow file.

       3.  Find the entry for tempuser in the shadow file and copy the encrypted password to the desired entry in the d_passwd file.

       4.  Type userdel tempuser and press Return to delete tempuser.

       These steps must be executed as the root user.

FILES

       /etc/d_passwd	       dial-up password file

       /etc/dialups	       list of dial-up ports requiring dial-up passwords

       /etc/passwd	       password file

       /etc/shadow	       shadow password file

SEE ALSO

       passwd(1), useradd(1M), dialups(4), passwd(4), shadow(4)

WARNINGS

       When  creating  a  new  dial-up password, be sure to remain logged in on at least one terminal while testing the new password. This ensures
       that there is an available terminal from which you can correct any mistakes that were made when the new password was added.

SunOS 5.10							    2 Sep 2004							       d_passwd(4)
All times are GMT -4. The time now is 12:41 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy