LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   /etc/shadow and /etc/passwd permissions question (http://www.linuxquestions.org/questions/linux-security-4/etc-shadow-and-etc-passwd-permissions-question-530733/)

lqchangba 02-20-2007 09:43 AM

/etc/shadow and /etc/passwd permissions question
 
i logged in as a root user and used a command
chmod u-s /etc/shadow
i removed suid bit from the file
though suid bit was not set on the file the file had permission before running the command was
-r--------
and the permission was same after removing suid bit
then i logged as a ordinary user and the normal user could not change own password with the command "passwd"
again i set the suid bit on the file
chmod u+s /etc/shadow
but still the ordinary user (not root user)cannot change own passwd what should i do please help me
what permission should i have to give to the file /etc/passwd for making it normal...
i am using RHEL4 and the actual permission of the file is supposed to be
-r-------- 1 root root 1116 Feb 20 20:36 /etc/shadow
and i chaged the permission to this it is still not working
i am using RHEL4 and the actual permission of the file is supposed to be
-r-------- 1 root root 1116 Feb 20 20:36 /etc/shadow
and i chaged the permission to this it is still not working

win32sux 02-20-2007 09:53 AM

welcome to LQ... please use a more adequate/descriptive title for your thread next time...

here's what passwd and shadow look like on my ubuntu box in case it helps you...
Code:

win32sux@candystore:~$ ls -l /etc/shadow
-rw-r----- 1 root shadow 843 2007-02-07 08:59 /etc/shadow
win32sux@candystore:~$ ls -l /etc/passwd
-rw-r--r-- 1 root root 1315 2007-02-07 08:59 /etc/passwd

PS: i'm changing this thread's title from "urgent" to "/etc/shadow and /etc/passwd permissions question"...

libkarl2 02-20-2007 12:46 PM

vipw -- The forgotten editor...
 
Did you edit /etc/passwd with something other than vipw? Such as regular vi, or emacs? You may want to reopen /etc/passwd with vipw and exit out. If vipw(8) complains about the file being locked, then you found your problem. Read vipw(8) and vigr(8) for details.

I hate to sound superstitious and paranoid, but vipw(8) and vigr(8) do *things* before and after you edit /etc/passwd and /etc/groups such as aquire/release locks and post-processing. They prevent two admins from trying to edit those files at the same time.

In the event that vipw(8) hangs, dies abruptly, is suspended, or absent mindedly placed in the background BEFORE the locks are released, /etc/passwd _stays_ locked, no post-processing is performed, and the passwd(1) command will usually fail for non-root users.


All times are GMT -5. The time now is 01:14 AM.