SVR3 passwd changes mode of passwd file
Michael "Ford" Ditto
ditto at cbmvax.UUCP
Sun Sep 25 12:26:03 AEST 1988
In article <344 at stiatl.UUCP> meo at stiatl.UUCP (Miles O'Neal) writes:
>I suggest you tell the complainers to always leave the passwd file
>0444. NOBODY besides root should have access to that
The complaint here is not about security or lack thereof, it's about
programs undoing the system administrator's actions.
There is nothing more secure about a 0444 /etc/passwd than a 0644
one, but there are programs which aren't smart enough to know that
you can write an "unwritable" file if uid==0 (vi is an example).
Some people like the "extra work" required to write to a 0444 file,
but if so, they can chmod it themselves.
Where should this "enforced security" end? Should /bin/passwd also
chmod / to 555 mode as well? And what about /etc/? Should "ls"
remove world write permission from /dev/mem if it happens to discover
it?
--
-=] Ford [=-
"The number of Unix installations (In Real Life: Mike Ditto)
has grown to 10, with more expected." ford at kenobi.cts.com
- The Unix Programmer's Manual, ...!sdcsvax!crash!elgar!ford
2nd Edition, June, 1972. ditto at cbmvax.commodore.com
More information about the Comp.unix.questions
mailing list