LinuxQuestions.org
Old 10-26-2007, 01:45 AM   #1
dickysolo
LQ Newbie
 
Registered: Oct 2007
Posts: 3

Rep: Reputation: 0
How is a local user able to change their password?


I have been thinking about how normal users are able to change their password. I heard the Linux password file resides encrypted in the /etc/shadow file, which has root permission only. Then how are we able to change our password if we cannot access the shadow file?
 
Old 10-26-2007, 01:49 AM   #2
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654
You use the "passwd" program. It is an suid root program. If you run it as a normal user, you can only change your own password. If you run it as root, you can change anyone's password. When the program edits the /etc/passwd & /etc/shadow files, it does so as the root user.
 
Old 10-29-2007, 01:56 AM   #3
dickysolo
LQ Newbie
 
Registered: Oct 2007
Posts: 3

Original Poster
Rep: Reputation: 0
Then is there no other way for a local user to view /etc/shadow?
 
Old 10-29-2007, 03:39 AM   #4
jayjwa
Member
 
Registered: Jul 2003
Location: NY
Distribution: None (src & compile)
Posts: 253

Rep: Reputation: 36
No, not unless the privileges on the file have been set wrong, or someone made an editor or something setuid root or gained root (or group shadow) on your system.

Quote:
The Shadow Suite solves the problem by relocating the passwords to
another file (usually /etc/shadow). The /etc/shadow file is set so
that it cannot be read by just anyone. Only root will be able to read
and write to the /etc/shadow file. Some programs (like xlock) don't
need to be able to change passwords, they only need to be able to
verify them. These programs can either be run suid root or you can
set up a group shadow that is allowed read only access to the
/etc/shadow file. Then the program can be run sgid shadow.
-rw-r----- 1 root shadow 493 2007-08-19 08:36 /etc/shadow

See 'man shadow' and the stuff in /usr/doc/shadow-(version)/.
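
The conditions named in post #4 (wrong privileges on the file, an unexpected setuid or setgid program), written as checks an administrator can run. This is an added example, not part of any post in the thread; the function names `audit_shadow` and `list_setid` are this example's own, and `stat -c` assumes GNU coreutils or busybox.

```shell
#!/bin/sh
# Added example (not from the thread): audit the shadow file's owner and mode,
# and list setuid/setgid files for review.

# audit_shadow FILE [EXPECTED_UID]
# Prints one finding per line. Returns 0 if clean, 1 if there are findings,
# 2 if the file's metadata cannot be read.
audit_shadow() {
    file=$1
    want_uid=${2:-0}                 # root unless the caller says otherwise
    info=$(stat -c '%a %u' "$file" 2>/dev/null) || return 2
    mode=${info% *}
    uid=${info#* }
    perm=$((0$mode))                 # parse the octal mode string
    rc=0
    if [ "$uid" -ne "$want_uid" ]; then
        echo "owner uid is $uid, expected $want_uid"; rc=1
    fi
    if [ $((perm & 0007)) -ne 0 ]; then
        echo "mode $mode grants access to other users"; rc=1
    fi
    if [ $((perm & 0020)) -ne 0 ]; then
        echo "mode $mode lets the group write"; rc=1
    fi
    return $rc
}

# list_setid DIR...
# Lists regular files carrying the setuid or setgid bit, to be compared by hand
# against the programs expected to have it (passwd, for one).
list_setid() {
    find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# Run with --run to audit the live file and the usual binary directories.
if [ "${1:-}" = "--run" ]; then
    audit_shadow /etc/shadow && echo "/etc/shadow: owner and mode look right"
    list_setid /bin /sbin /usr/bin /usr/sbin
fi
```

A group-readable mode such as the 640 shown in the listing above passes, since read access for group shadow is the arrangement the quoted text describes.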
 
  

