Review your favorite Linux distribution.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 10-26-2007, 01:45 AM   #1
LQ Newbie
Registered: Oct 2007
Posts: 3

Rep: Reputation: 0
Smile how local user able to change password?

I have been thinking how normal users are able to change their password. I heard the linux password file reside encrypted at the /etc/shadow file which has root permission only. then how are we able to change our password if we cannot access the shadow file?
Old 10-26-2007, 01:49 AM   #2
LQ Guru
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 671Reputation: 671Reputation: 671Reputation: 671Reputation: 671Reputation: 671
You use the "passwd" program. It is an suid root program. If you run it as a normal user, you can only change your own password. If you run it as root, you can change anyones password. When the program edits the /etc/passwd & /etc/shadow files, it does so as the root user.
Old 10-29-2007, 01:56 AM   #3
LQ Newbie
Registered: Oct 2007
Posts: 3

Original Poster
Rep: Reputation: 0
then is there no other way to view /etc/shadow by a local user?
Old 10-29-2007, 03:39 AM   #4
Registered: Jul 2003
Location: NY
Distribution: None (src & compile)
Posts: 312

Rep: Reputation: 52
No, not unless the privileges on the file have been set wrong, or someone made an editor or something setruid root or gained root (or group shadow) on your system.

The Shadow Suite solves the problem by relocating the passwords to
another file (usually /etc/shadow). The /etc/shadow file is set so
that it cannot be read by just anyone. Only root will be able to read
and write to the /etc/shadow file. Some programs (like xlock) don't
need to be able to change passwords, they only need to be able to
verify them. These programs can either be run suid root or you can
set up a group shadow that is allowed read only access to the
/etc/shadow file. Then the program can be run sgid shadow.
-rw-r----- 1 root shadow 493 2007-08-19 08:36 /etc/shadow

See 'man shadow' and the stuff in /usr/doc/shadow-(version)/.



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Help! Cannot Add a User to User Manager or Change Root Password lennysokol Linux - General 2 06-25-2005 09:59 AM
local user name and password exposed hagen00 Linux - Security 3 05-17-2005 10:57 AM
what is the command to make a user change their password after creating a new user? naweenio Linux - Newbie 7 01-05-2005 07:07 AM
Samba Administrator does not have privilage to change local machine password vijayandra Linux - Networking 0 11-20-2003 09:26 AM
change password local user vsftp ?? cosmonate Linux - Security 8 02-19-2003 07:56 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:42 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration