Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!uunet!tut.cis.ohio-state.edu!cs.utexas.edu!natinst!rpp386!jfh
From: jfh@rpp386.cactus.org (John F. Haugh II)
Newsgroups: comp.unix.wizards
Subject: Re: What should the password/security/userinfo/login system include?
Message-ID: <17427@rpp386.cactus.org>
Date: 10 Dec 89 20:33:13 GMT
References: <4180@sbcs.sunysb.edu> <1989Dec7.172233.10130@chinet.chi.il.us> <1236@ispi.UUCP> <1989Dec9.053433.5407@chinet.chi.il.us>
Reply-To: jfh@rpp386.cactus.org (John F. Haugh II)
Distribution: usa
Organization: Lone Star Cafe and BBS Service
Lines: 15

In article <1989Dec9.053433.5407@chinet.chi.il.us> les@chinet.chi.il.us (Leslie Mikesell) writes:
>If they are written to a file that can only be read by root, why
>should I worry about that?  If someone can already get root permissions
>why would they want to know any other passwords?

will the file always be readable by root only?

there is a serious difference between being able to access data
and having root privilege.  unix security is based on your knowing
something, so the information is very valuable.
-- 
John F. Haugh II                        +-Things you didn't want to know:------
VoiceNet: (512) 832-8832   Data: -8835  | In Ham lingo DEC is rot-13 for "Low
InterNet: jfh@rpp386.cactus.org         | Power".  "CPU?"  "QRP Vax-11."
UUCPNet:  {texbell|bigtex}!rpp386!jfh   +--------------------------------------