[comp.unix.xenix.sco] /etc/passwd permissions

kmcvay@oneb.wimsey.bc.ca (Ken McVay) (05/16/91)

With /etc/passwd readable by everyone, it can be sent via uucp by anyone
with a shell account. Granted, encryption provides some protection, but
would it hurt anything to simply set the perms to r--r----- root root?

/bin/passwd runs suid root, as does su - while 'l' and similar utilities
do not, and show only the owner's userid #, rather than the owner's name.

I guess what I'm getting at is that I'd like to learn a great deal more
about protecting the system before I'll be comfortable with shell
accounts... any suggestions regarding the /etc/passwd and /etc/group
files, and others?




-- 
Public Access UUCP/UseNet (Waffle/XENIX 1.64) | kmcvay@oneb.wimsey.bc.ca|
    TB+: 604-753-9960  2400: 604-754-9964     | ..van-bc!oneb!kmcvay    |
   FrontDoor 2.0/Maximus v1.02/Ufgate 1.03    |                         |   
           HST 14.4: 604-754-2928             | IMEx   89:681/1         |

urban@cbnewsl.att.com (john.urban) (05/16/91)

In article <1991May15.214600.6733@oneb.wimsey.bc.ca> kmcvay@oneb.wimsey.bc.ca (Ken McVay) writes:
>With /etc/passwd readable by everyone, it can be sent via uucp by anyone
>with a shell account. Granted, encryption provides some protection, but
>would it hurt anything to simply set the perms to r--r----- root root?
>
>/bin/passwd runs suid root, as does su - while 'l' and similar utilities
>do not, and show only the owner's userid #, rather than the owner's name.
>

This is why some systems instituted a /etc/passwd and /etc/shadow scheme.
/etc/passwd is just like it always was except that the password field now
has an x in it.  /etc/shadow (ls -l -> -r-------- root sys) contains the
name followed by the encrypted password (plus other stuff) (like /etc/passwd
used to).

Many commands look at /etc/passwd (like the l, ls, uucico, id, ps, crash and
others), so by making /etc/passwd -r--r----- root/root many of these applications
may start breaking.

Sincerely,

John Ben Urban
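
The trade-off discussed in this thread, as an added example that is not part of either post: an audit of passwd-format text that flags entries still carrying a hash in a world-readable file, plus the name lookup an ls-like tool falls back from when it cannot read the file. The sample entries, the function names and the treatment of "*" as a lock marker are assumptions made for illustration.

```python
import stat

# Constructed sample in the classic seven-field passwd format (not from a real system).
SAMPLE_PASSWD = """\
root:x:0:0:Superuser:/:/bin/sh
uucp:x:5:5:UUCP:/usr/spool/uucppublic:/usr/lib/uucp/uucico
guest:ab8Xq1EXAMPLEh:200:50:Guest:/usr/guest:/bin/sh
nopass::201:50:No password:/usr/nopass:/bin/sh
"""

def parse_passwd(text):
    """Return one dict per well-formed entry; skip blank, comment and malformed lines."""
    entries = []
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) != 7 or not fields[2].isdigit():
            continue
        entries.append({"name": fields[0], "pw": fields[1], "uid": int(fields[2])})
    return entries

def audit_passwd(text, mode):
    """Flag empty password fields always, and in-file hashes when 'other' can read the file."""
    world_readable = bool(mode & stat.S_IROTH)
    findings = []
    for e in parse_passwd(text):
        if e["pw"] == "":
            findings.append((e["name"], "empty password field"))
        # "x" means the hash lives in /etc/shadow; "*" is assumed to mark a locked account.
        elif e["pw"] not in ("x", "*") and world_readable:
            findings.append((e["name"], "hash exposed in world-readable file"))
    return findings

def owner_label(uid, text):
    """What an unprivileged ls-like tool can print: the name, or the bare number
    when passwd could not be read (text is None) or has no matching entry."""
    if text is not None:
        for e in parse_passwd(text):
            if e["uid"] == uid:
                return e["name"]
    return str(uid)

if __name__ == "__main__":
    print(audit_passwd(SAMPLE_PASSWD, 0o644))   # passwd left world-readable
    print(audit_passwd(SAMPLE_PASSWD, 0o440))   # r--r----- as proposed in the thread
    print(owner_label(5, SAMPLE_PASSWD), owner_label(5, None))
```

With the shadow scheme every password field reads "x", so the 0o644 audit comes back clean except for empty fields and name lookups keep working for unprivileged tools.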