Path: utzoo!attcan!uunet!vsi!friedl
From: friedl@vsi.COM (Stephen J. Friedl)
Newsgroups: news.sysadmin
Subject: Re: How to stop future viruses.
Summary: /etc/passwd should be readable
Message-ID: <934@vsi.COM>
Date: 11 Nov 88 01:24:54 GMT
References: <16722@agate.BERKELEY.EDU>
Organization: V-Systems, Inc. -- Santa Ana, CA
Lines: 22

In article <16722@agate.BERKELEY.EDU>, greg@oreo.berkeley.edu (Greg) writes:
> [how to prevent future virii]
> 
> 1.  Protect the password file.
> 
> On most Unix systems that I've seen, /etc/passwd is publicly readable. 
> There is no reason for this.

By default, yes there is.  Many commands use the password file for
the uid<-->uname (and gecos) lookups, and simply changing the mode
of /etc/passwd will break a lot of systems.

System V Release 3.2 and beyond address this by moving the password
portion of /etc/passwd into /etc/shadow.  This way, /etc/passwd is
readable and /etc/shadow is not.

     Steve

-- 
Steve Friedl    V-Systems, Inc.  +1 714 545 6442    3B2-kind-of-guy
friedl@vsi.com     {backbones}!vsi.com!friedl    attmail!vsi!friedl
------------Nancy Reagan on the worm: "Just say OH NO!"------------