06-06-2013
Quote: Originally Posted by SkySmart
yeah file permission setting is completely out of the equation since everyone has root here. that's out of my control. but what is under my control is making sure script is inoperable unless the proper password is written.
If everyone has root, then why bother? If everyone has root, any countermeasure can be undermined and neither security nor accountability are a priority.
So, obviously, this system is insecure. That may be acceptable; we don't know any of the particulars. If you explain what you are trying to accomplish, instead of asking how to implement what you think is the solution, we may be able to provide useful advice.
As it stands, what you have asked is nonsensical. How can you use the shadow file to defend against an attacker who has permission to modify the shadow file?
Regards,
Alister
P.S. With regard to authenticating using the shadow file, it can be done using whatever interfaces your system provides to login, nagios, etc (my UNIX doesn't have a shadow file).
Last edited by alister; 06-06-2013 at 10:24 PM..
ftpusers(4) File Formats ftpusers(4)
NAME
ftpusers - file listing users to be disallowed ftp login privileges
SYNOPSIS
/etc/ftpd/ftpusers
DESCRIPTION
The ftpusers file lists users for whom ftp login privileges are disallowed. Each ftpuser entry is a single line of the form:
name
where name is the user's login name.
The FTP Server, in.ftpd(1M), reads the ftpusers file. If the login name of the user matches one of the entries listed, it rejects the login attempt.
The ftpusers file has the following default configuration entries:
root
daemon
bin
sys
adm
lp
uccp
nuucp
smmsp
listen
nobody
noaccess
nobody4
These entries match the default instantiated entries from passwd(4). The list of default entries typically contains the superuser root and other administrative and system application identities.
The root entry is included in the ftpusers file as a security measure since the default policy is to disallow remote logins for this identity. This policy is also set in the default value of the CONSOLE entry in the /etc/default/login file. See login(1). If you allow root login privileges by deleting the root entry in ftpusers, you should also modify the security policy in /etc/default/login to reflect the site security policy for remote login access by root.
Other default entries are administrative identities that are typically assumed by system applications but never used for local or remote login, for example sys and nobody. Since these entries do not have a valid password field instantiated in shadow(4), no login can be performed.
If a site adds similar administrative or system application identities in passwd(4) and shadow(4), for example, majordomo, the site should consider including them in the ftpusers file for a consistent security policy.
Lines that begin with # are treated as comment lines and are ignored.
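The consistency check suggested above, as an added example that is not part of the original manual page: it parses an ftpusers file (skipping # comment lines), then reports accounts from passwd(4) and shadow(4) that the deny list should cover and deny entries that match no account. The sample file contents, the names olduser and alice, the uid 0 test for root and the set of non-login password markers are assumptions.

```python
# Constructed sample files (not from a real system); hashes are placeholders.
FTPUSERS = "# accounts denied FTP login\nroot\ndaemon\n\nolduser\n"
PASSWD = """\
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
majordomo:x:301:301:Mailing list:/var/majordomo:/bin/false
alice:x:1001:10:Alice:/export/home/alice:/bin/ksh
"""
SHADOW = """\
root:PLACEHOLDER_HASH:15000::::::
daemon:NP:6445::::::
majordomo:*LK*:15000::::::
alice:PLACEHOLDER_HASH:15000::::::
"""


def parse_ftpusers(text):
    """Denied login names: one per line; '#' lines and blanks are ignored."""
    lines = (ln.strip() for ln in text.splitlines())
    return {ln for ln in lines if ln and not ln.startswith("#")}


def parse_colon_file(text):
    """Return {login: fields} for passwd(4)- or shadow(4)-style text."""
    rows = [ln.split(":") for ln in text.splitlines() if ln.strip()]
    return {r[0]: r for r in rows}


def no_valid_password(field):
    # Assumption: "NP"/"*LK*" (Solaris) or a leading "*"/"!" marks a field
    # that no typed password can match.
    return field == "NP" or field.startswith(("*", "!"))


def audit(ftpusers_text, passwd_text, shadow_text):
    """Find accounts the deny list should cover, and entries matching no account."""
    denied = parse_ftpusers(ftpusers_text)
    passwd = parse_colon_file(passwd_text)
    shadow = parse_colon_file(shadow_text)
    missing = sorted(
        name for name, f in passwd.items()
        if name not in denied
        and (f[2] == "0" or (name in shadow and no_valid_password(shadow[name][1])))
    )
    return {"missing": missing, "stale": sorted(denied - set(passwd))}


if __name__ == "__main__":
    print(audit(FTPUSERS, PASSWD, SHADOW))
```

A name under "missing" is a superuser or non-login identity absent from the deny list; a name under "stale" is a deny entry that protects nothing because no such account exists.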
FILES
/etc/ftpd/ftpusers A file that lists users for whom ftp login privileges are disallowed.
/etc/ftpusers See /etc/ftpd/ftpusers. This file is deprecated, although its use is still supported.
/etc/default/login
/etc/passwd password file
/etc/shadow shadow password file
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWftpr |
+-----------------------------+-----------------------------+
|Interface Stability |See below. |
+-----------------------------+-----------------------------+
The interface stability for /etc/ftpd/ftpusers is Volatile. The interface stability for /etc/ftpusers is (Obsolete).
SEE ALSO
login(1), in.ftpd(1M), ftpaccess(4), ftphosts(4), passwd(4), shadow(4), attributes(5), environ(5)
SunOS 5.11 1 May 2003 ftpusers(4)