/etc/passwd permissions
Ken McVay
kmcvay at oneb.wimsey.bc.ca
Thu May 16 07:46:00 AEST 1991
With /etc/passwd readable by everyone, it can be send uucp by anyone
with a shell account. Granted, encryption provides some protection, but
would it hurt anything to simply set the perms to r--r----- root root?
/bin/passwd runs suid root, as does su - while 'l' and similar utilities
do not, and show only the owner's userid #, rather than the owner's name.
I guess what I'm getting at is that I'd like to learn a great deal more
about protecting the system before I'll be comfortable with shell
accounts... any suggestions regarding the /etc/passwd and /etc/group
files, and others?
--
Public Access UUCP/UseNet (Waffle/XENIX 1.64) | kmcvay at oneb.wimsey.bc.ca|
TB+: 604-753-9960 2400: 604-754-9964 | ..van-bc!oneb!kmcvay |
FrontDoor 2.0/Maximus v1.02/Ufgate 1.03 | |
HST 14.4: 604-754-2928 | IMEx 89:681/1 |
More information about the Comp.unix.xenix.sco
mailing list