LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 09-20-2018, 11:56 PM   #1
tvdtharindu
LQ Newbie
 
Registered: Sep 2018
Posts: 2

Rep: Reputation: Disabled
non-root permission to the /etc/shadow?


A regular user needs to change his password. Users' encrypted password is stored in /etc/shadow a file which can only be modified by the root user. How a non-root user can change his own password when he does not have write permission to the /etc/shadow?
 
Old 09-21-2018, 12:38 AM   #2
berndbausch
LQ Addict
 
Registered: Nov 2013
Location: Tokyo
Distribution: Mostly Ubuntu and Centos
Posts: 6,316

Rep: Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002
Quote:
Originally Posted by tvdtharindu View Post
A regular user needs to change his password. Users' encrypted password is stored in /etc/shadow a file which can only be modified by the root user. How a non-root user can change his own password when he does not have write permission to the /etc/shadow?
The passwd program has the setuid bit. It's the "s" in "rws" below:
Code:
$ ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 54256 May 17  2017 /usr/bin/passwd
The effect is that a passwd process adopts the identity of the owner, in this case root. This is how it can modify the shadow file.

Lots of detail in Wikipedia.

Last edited by berndbausch; 09-21-2018 at 12:39 AM. Reason: added reference to Wikipedia
 
1 members found this post helpful.
Old 09-21-2018, 03:32 AM   #3
tvdtharindu
LQ Newbie
 
Registered: Sep 2018
Posts: 2

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by berndbausch View Post
The passwd program has the setuid bit. It's the "s" in "rws" below:
Code:
$ ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 54256 May 17  2017 /usr/bin/passwd
The effect is that a passwd process adopts the identity of the owner, in this case root. This is how it can modify the shadow file.

Lots of detail in Wikipedia.
thanks berndbausch ..

did bit of research and found some details , but couldn't combine all those. your answer completed quarry
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
mkdir throws Permission Denied error in a directoy even with root ownership and 777 permission surajchalukya Linux - Security 14 09-03-2012 08:34 AM
Hi - permission of /etc/shadow is -r--------. when a user changes his / her password. aol.aman Linux - Security 7 02-11-2012 12:56 PM
[SOLVED] Apache can't open /etc/shadow: permission denied. ThaMe90 Linux - Server 17 09-21-2011 09:52 AM
[SOLVED] What should the permission setting for the /etc/shadow file be? chris1973 Linux - Newbie 3 08-15-2010 02:21 AM
permission /etc/shadow ... stomach Linux - Software 6 12-24-2005 12:24 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:00 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration