Path: utzoo!attcan!uunet!seismo!sundc!pitstop!sun!decwrl!labrea!rutgers!mailrus!eecae!cps3xx!rang
From: rang@cpsin3.cps.msu.edu (Anton Rang)
Newsgroups: news.sysadmin
Subject: Re: How to stop future viruses.
Message-ID: <1033@cps3xx.UUCP>
Date: 9 Nov 88 19:13:02 GMT
References: <16722@agate.BERKELEY.EDU> <5420@saturn.ucsc.edu>
Sender: usenet@cps3xx.UUCP
Reply-To: rang@cpswh.cps.msu.edu (Anton Rang)
Organization: Michigan State University, Computer Science Dept.
Lines: 23
In-reply-to: koreth@ssyx.ucsc.edu's message of 9 Nov 88 06:44:22 GMT

In article <16722@agate.BERKELEY.EDU>, koreth@ssyx.ucsc.edu (Steven
Grimm) writes:
>In article <16722@agate.BERKELEY.EDU> greg@math.Berkeley.EDU (Greg) writes:
>>On most Unix systems that I've seen, /etc/passwd is publicly readable. 
>>There is no reason for this.
>
>Unless you're proposing adding another file with usernames and uids, /bin/ls
>will stop telling you who owns files if /etc/passwd isn't readable...

  So we should fix 'ls' too.  Sun is slowly moving in this direction.
Under SunOS 4.0, there is an option which causes the password file to
be split into two files: /etc/passwd, which contains all the
information except the actual encrypted password, and
/etc/security/passwd.adjunct (or something like that) which is NOT
world-readable and contains the encrypted passwords.  (Of course, it
doesn't always work right, but that's another story.)
  It's just plain STOOOPID to leave the passwords readable.  Why take
chances with your system?

+---------------------------+------------------------+----------------------+
| Anton Rang (grad student) | "UNIX: Just Say No!"   | "Do worry...be SAD!" |
| Michigan State University | rang@cpswh.cps.msu.edu |                      |
+---------------------------+------------------------+----------------------+