SVR3 passwd changes mode of passwd file

David Elliott dce at mips.COM
Thu Sep 22 00:49:06 AEST 1988


In article <1235 at cbnews.ATT.COM> lvc at cbnews.ATT.COM (Lawrence V. Cipriani) writes:
>In article <3394 at dunkshot.mips.COM> dce at mips.COM (David Elliott) writes:
>>
>	...
>>I have had a couple of complaints about this [/bin/passwd changes mode of
>>/etc/passwd explicitly to 0444 -lvc], and would like to decide on a solution.
>>Is it reasonable to have passwd fix the mode of the new /etc/passwd
>>to be the same as the current /etc/passwd?
>
>No, unless you don't give a darn about security.  What exactly is your
>complaint about mode 0444 on /etc/passwd? Anything one should be allowed
>to do to /etc/passwd should be done by root or the owner of /etc.  A
>carefully coded suid to root should do the job.  Please elaborate what your
>need is.

I have no complaint.  I have no need.  Maybe I should make it clearer.
A customer of ours who uses BSD Unix complained that "something" was
changing the mode of /etc/passwd from 0644 (which he set it to) to 0444.
I believe that the complaint was that he had to use ":w!" in vi (I know,
vi'ing the password file is wrong, but we haven't had time to add a vipw
program yet).

On the other hand, let's remember what we're talking about here.  If I
want to create a file whose name contains spaces, Unix lets me.  If I
want to set up a file with mode 0002, Unix lets me.  This is one of the
aspects of the Unix philosophy.  Why should Unix change the mode of
my password file if I set it to something explicitly?

This isn't a case of security.  If he has to, this customer is going to
set up a cron job to "fix" the mode of /etc/passwd because that's the
mode he wants it to have.

-- 
David Elliott		dce at mips.com  or  {ames,prls,pyramid,decwrl}!mips!dce
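
The proposal quoted above, having passwd give the rewritten /etc/passwd the mode of the current one, could be implemented as in this added example (not part of the original post and not SVR3 source). The names `replace_keep_mode` and `mode_of`, the `deny` mask and the scratch file name are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits of path, or (mode_t)-1 if it cannot be stat'ed. */
mode_t mode_of(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (st.st_mode & 07777) : (mode_t)-1;
}

/* Hypothetical helper: replace path with len bytes of data, carrying over the
 * old file's mode instead of forcing 0444. Bits in deny are never carried
 * over (0 keeps the mode exactly). Returns 0, or -1 with the old file intact. */
int replace_keep_mode(const char *path, const char *data, size_t len, mode_t deny)
{
    char tmp[4096];
    mode_t mode = mode_of(path);
    int n, fd, ok;
    if (mode == (mode_t)-1)
        return -1;
    /* Temp file in the same directory, so rename() swaps it in atomically. */
    n = snprintf(tmp, sizeof tmp, "%s.XXXXXX", path);
    if (n < 0 || (size_t)n >= sizeof tmp || (fd = mkstemp(tmp)) < 0)
        return -1;
    /* Created 0600 by mkstemp(); the final mode is set after the data. */
    ok = write(fd, data, len) == (ssize_t)len && fsync(fd) == 0 &&
         fchmod(fd, mode & ~deny) == 0;
    if (close(fd) != 0 || !ok || rename(tmp, path) != 0) {
        unlink(tmp);
        return -1;
    }
    return 0;
}

int main(void)
{
    static const char db[] = "root:x:0:0::/:/bin/sh\n"; /* constructed entry */
    const char *p = "passwd.sample"; /* scratch file, not /etc/passwd */
    int fd = open(p, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0 || close(fd) != 0 || chmod(p, 0666) != 0 ||
        replace_keep_mode(p, db, sizeof db - 1, S_IWGRP | S_IWOTH) != 0)
        return 1;
    printf("%s now has mode %04o\n", p, (unsigned)mode_of(p));
    return 0;
}
```

With `deny` set to `S_IWGRP | S_IWOTH`, a 0644 file keeps its mode across the rewrite, while a 0666 file comes back as 0644.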


