Hi - permission of /etc/shadow is -r--------. when a user changes his / her password.

aol.aman · 02-08-2012, 01:21 PM

Hi - permission of /etc/shadow is -r--------. when a user changes his / her password, how /etc/shadow password is updated? Is it due to GID / UID set on this file? Also, /etc/shadow file is a soft link, which is the actual file? Is it /etc/passwd?

Kindly assist.

droyden · 02-08-2012, 03:33 PM

Passwd binary is suid root thus it can open the file r/w

Marios Zindilis · 02-08-2012, 03:55 PM

Hello,

Any user can execute passwd and subsequently update /etc/shadow, because the passwd executable has Set User ID (SUID) set, which essentially means that the program runs with the permissions of its owner, no matter which user calls it. You can see the permissions of the executable:

Code:

yovan marios # ls -l /usr/bin/passwd 
-rwsr-xr-x 1 root root 42824 2011-06-24 12:28 /usr/bin/passwd

The "s" in the permissions string indicates just that.

It's strange that you say that /etc/shadow is a soft link. You can verify if it is, and see a link's target with ls -l. Do:

Code:

ls -l /etc/shadow

and you will see if it's a link, and where it links.

aol.aman · 02-09-2012, 02:47 AM

Thanks Droyden and Marios. I had been told that /etc/shadow is a symbolic link of an another file. That's confirmed that it is not a softlink, but is a hard link to any file? Thanks again !!

Marios Zindilis · 02-09-2012, 03:51 AM

Again, you can see that from the output of ls -l.

The number after the permissions is the number of hardlinks that point to the same file or directory. All files have at least 1 hardlink, which is the file itself. All directories have at least 2 hardlinks, which are . and ..

Linux_Kidd · 02-10-2012, 09:28 AM

may i ask in what context is the question being posed? student, self learner, linux admin, etc?

aol.aman · 02-10-2012, 08:02 PM

Thanks Marios !! /etc/shadow

@ Linux_Kidd - I was told that /etc/shadow file is a symbolic file , in interview with company Redhat. Which file is it linked to? That's what I am trying to figure out. I presumed it must /etc/passwd but it doesn't has any symbolic link.

ls -lt /etc/shadow
-r-------- 1 root root 6243 Feb 4 08:08 /etc/shadow

ls -l /etc/passwd
-rw-r--r-- 1 root root 14992 Feb 4 08:08 /etc/passwd

If there a explict symbolic link on a file, file permission's 1st bit would be 'l' representing it is a symbolic link
and the count would be greater than 2. (Please correct me if i am wrong)
something like:-

lrwxrwxrwx 1 bediaman bediaman 4 Feb 7 00:20 test1 -> test

Linux_Kidd · 02-11-2012, 12:56 PM

these files are not linked. shadow and passwd or two totally different text files, and neither is linked to the binary "passwd".