Path: utzoo!attcan!uunet!samsung!umich!sharkey!math.lsa.umich.edu!rphroy!teemc!ka3ovk!raysnec!shwake
From: shwake@raysnec.UUCP (Ray Shwake)
Newsgroups: comp.unix.questions
Subject: Re: How secure is UNIX?
Summary: Simple mod to passwd to discriminate group access
Message-ID: <67@raysnec.UUCP>
Date: 12 Jun 90 15:39:32 GMT
References: <1990May23.100928.10699@agate.berkeley.edu> <720016@hpclapd.HP.COM> <1557@quando.UUCP>
Reply-To: shwake@raysnec.UUCP (Ray Shwake)
Distribution: na
Organization: IRS - ACI Project Office
Lines: 15

In article <1557@quando.UUCP> omerzu@quando.UUCP (Thomas Omerzu) writes:
>
>but have you ever tried to remove public read permissions
>from /etc/passwd?
>Very funny results, not the simplest 'ls -l' will work ...

I recently structured permissions on one password file such that one
group - let's call them outsider - can't access /etc/passwd, but others
can. Simply assign GROUP ownership of /etc/password to the outsider
group and take away their read permission. viz.

-rw----r--   1 bin      outsider    1041 May 02 16:26 /etc/passwd

BTW, many new UNIX implementations post-3.2 support password shadowing,
such that the encrypted passwords are NOT publicly accessible.