Shadow file is important?

hus · 05-10-2004, 02:37 PM

I think it's not nescesary if your passwd file is set permission
to not readable and writeable.

jpbarto · 05-10-2004, 03:04 PM

If your password file is not readable by anyone then how will you log in?

iainr · 05-10-2004, 04:00 PM

Not to mention how will your shell know which username maps onto which UID, or any of the other information held in the passwd file.

hus · 05-12-2004, 09:44 AM

jpbarto I can login ,

localhostlogin: hus
password:
Last login :Tue May 11 20:20:02 on tty1
id:cannot find name for user ID 500
id:cannot find name for group ID 500
id:cannot find name for user ID 500

[I have no name!@localhost]$
[I have no name!@localhost]$ who am i
hus tty1 may 11 20:23
[I have no name!@localhost]$less /etc/passwd
/etc/passwd: Permission denied

and I can do anythings like hus

PS: passwd&group file is not readable for all

jpbarto · 05-13-2004, 09:46 AM

Perhaps I don't know enough about the login process, however, the login (getty?) is probably using your shadow file to verify the login and giving you a bash. However if you were to eliminate the shadow file as the subject of this thread would imply, and store the passwords in the /etc/passwd which is not readable by anyone then you would not be able to login.

But then I've never tested this, it just seems to me to be what would happen. Feel free to give it a shot, just be sure to have a boot disk laying around somewhere in case I'm right.