Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!elroy.jpl.nasa.gov!swrinde!mips!pacbell.com!att!att!cbnewsl!urban
From: urban@cbnewsl.att.com (john.urban)
Newsgroups: comp.unix.xenix.sco
Subject: Re: /etc/passwd permissions
Keywords: passwd
Message-ID: <1991May16.163107.26467@cbnewsl.att.com>
Date: 16 May 91 16:31:07 GMT
References: <1991May15.214600.6733@oneb.wimsey.bc.ca>
Distribution: na
Organization: AT&T Bell Laboratories
Lines: 22

In article <1991May15.214600.6733@oneb.wimsey.bc.ca> kmcvay@oneb.wimsey.bc.ca (Ken McVay) writes:
>With /etc/passwd readable by everyone, it can be sent uucp by anyone
>with a shell account. Granted, encryption provides some protection, but
>would it hurt anything to simply set the perms to r--r----- root root?
>
>/bin/passwd runs suid root, as does su - while 'l' and similar utilities
>do not, and show only the owner's userid #, rather than the owner's name.
>

This is why some systems instituted a /etc/passwd and /etc/shadow scheme.
/etc/passwd is just like it always was except that the password field now
has an x in it. /etc/shadow (ls -l -> -r-------- root sys) contains the
name followed by the encrypted password (plus other stuff) (like /etc/passwd
used to).

Many commands look at /etc/passwd (like the l, ls, uucico, id, ps, crash and
others), so by making /etc/passwd -r--r----- root/root many of these
applications may start breaking.

Sincerely,
John Ben Urban
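
Added example, not part of the original post: a small POSIX sh audit of the passwd/shadow split described above. The function names, the sample accounts and the CONSTRUCTEDHASH values are assumptions made up for illustration, and the checks run against constructed files in a temporary directory rather than the live /etc files.

```shell
#!/bin/sh
# Added example: audit a passwd/shadow pair. All sample data is constructed.

# List accounts whose second passwd field is not the "x" placeholder, i.e.
# password material (or an empty password) still sits in the readable file.
unshadowed_accounts() {
    awk -F: '
        /^#/ || NF < 7 { next }
        $2 == ""       { print $1 ":empty";  next }
        $2 != "x"      { print $1 ":inline" }
    ' "$1"
}

# True when group and other have no permission bits (e.g. -r--------).
is_private() {
    case "$(ls -ld "$1" | cut -c1-10)" in
        ????------) return 0 ;;
        *)          return 1 ;;
    esac
}

# True when "other" may read the file, which ls, id, ps and similar
# name-lookup tools depend on for /etc/passwd.
is_world_readable() {
    case "$(ls -ld "$1" | cut -c1-10)" in
        ???????r??) return 0 ;;
        *)          return 1 ;;
    esac
}

# Constructed sample files (hypothetical accounts, placeholder hashes).
demo=$(mktemp -d)
cat > "$demo/passwd" <<'EOF'
root:x:0:0:Superuser:/:/bin/sh
uucp:x:5:5:UUCP:/usr/spool/uucp:/usr/lib/uucp/uucico
guest::100:50:Guest:/usr/guest:/bin/sh
olduser:CONSTRUCTEDHASH1:101:50:Old account:/usr/old:/bin/sh
EOF
printf 'root:CONSTRUCTEDHASH2:7000::::::\n' > "$demo/shadow"
chmod 444 "$demo/passwd"
chmod 400 "$demo/shadow"

unshadowed_accounts "$demo/passwd"
is_world_readable "$demo/passwd" && echo "passwd: readable by lookup tools"
is_private "$demo/shadow" && echo "shadow: owner-only"
rm -rf "$demo"
```
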