LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-26-2004, 09:11 AM   #1
lasindi
Member
 
Registered: Apr 2004
Distribution: Slackware, Ubuntu
Posts: 101

Rep: Reputation: 15
Can root view other users' passwords?


I'm just wondering if you can see other users' passwords when you're logged in as root. I know you can change their passwords if you want, but can you actually view them? Thanks.

lasindi
 
Old 06-26-2004, 09:25 AM   #2
SBing
Member
 
Registered: Mar 2004
Posts: 519

Rep: Reputation: 35
I don't believe so, linux passwords are stored in a one way enrypted form (DES) - sure you could view the encrypted passwords, but to decrypt them by bruteforcing could take a VERY long time.

Steve
 
Old 06-26-2004, 10:25 AM   #3
ppuru
Senior Member
 
Registered: Mar 2003
Location: Beautiful BC
Distribution: RedHat & clones, Slackware, SuSE, OpenBSD
Posts: 1,791

Rep: Reputation: 50
yes, root can surely view /etc/shadow but since the passwords are stored in an encrypted form (MD5), (s)he would not be able to get the clear text form without some tool.

As root can

#su - <username>

(s)he would hardly require a user password.

If a user has the same password on all the systems (s)he uses, and root of one system does not have any rights on other systems and this root does not bear the best of character, (s)he *may* be able to extract the clear text password of a target user to gain access to the other system. (Is that a bit confusing?)

Again, as pointed in the earlier post, this password extraction activity (to my belief) is time consuming.

Last edited by ppuru; 06-26-2004 at 10:32 AM.
 
Old 06-26-2004, 04:27 PM   #4
xathras
LQ Newbie
 
Registered: Jun 2004
Posts: 25

Rep: Reputation: 15
The only way to view the passwords would be to decrypt the password file, good luck!
 
Old 06-27-2004, 07:29 AM   #5
SciYro
Senior Member
 
Registered: Oct 2003
Location: hopefully not here
Distribution: Gentoo
Posts: 2,038

Rep: Reputation: 51
there are lists of all the possible encryptions for every word in a dictionary that people can use to decrypt a password, so if there pass is a dictionary word it would be possible if you have such a list in your possession
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
remove passwords from all users? paul_mat Linux - Networking 2 06-23-2005 06:59 PM
Cant set passwords for new users ribbones Linux - Newbie 2 09-03-2003 11:52 AM
Help with users and passwords???? graystarr Linux - Software 3 04-21-2003 10:40 AM
users/passwords scipts Anthony Programming 1 03-27-2002 08:40 PM
Root view of users telnet faustus Linux - Networking 3 05-23-2001 01:10 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:56 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration