Return to BSD News archive
Path: sserve!newshost.anu.edu.au!munnari.oz.au!constellation!news.uoknor.edu!ns1.nodak.edu!netnews.nwnet.net!news.uoregon.edu!gaia.ucs.orst.edu!umn.edu!mr.net!msc.edu!sgiblab!uhog.mit.edu!europa.eng.gtefsd.com!howland.reston.ans.net!usenet.ins.cwru.edu!usenet.mcs.kent.edu!not-for-mail From: greg@dell.kent.edu (Greg Spiegelberg) Newsgroups: comp.os.386bsd.questions Subject: Re: secure dist/passwd Date: 20 Jan 1994 22:18:46 -0500 Organization: NetBSD v0.8 UNIX @ Kent State University Lines: 29 Message-ID: <2hnhj4INN60b@dell.kent.edu> References: <QhC4g6O00VBNEFf0gK@andrew.cmu.edu> <2hg3qb$nut@sylvester.cc.utexas.edu> NNTP-Posting-Host: dell.kent.edu In article <2hg3qb$nut@sylvester.cc.utexas.edu>, Vax <vax@sylvester.cc.utexas.edu> wrote: >In article <QhC4g6O00VBNEFf0gK@andrew.cmu.edu>, >Timothy J Kniveton <tim+@CMU.EDU> wrote: >>no users except myself and root (i think people in the root group) can >>run passwd. since the permissions of passwd allow read + execute for >>anyone, > >Um, I don't mean to sound simplistic, but have you checked that it's >SUID root? You must, of course, be root to modify the password files. >passwd, of course, should be rw-r--r-- and master.passwd rw------- >Not sure about the write perms, you may not need them; doesn't hurt tho. >/usr/bin/passwd should be r-sr-xr-x root bin > >Disclaimer: I'm not trying to sound pedantic; just ruling out the simple fix. Sounded right to me. I just brought up a NetBSD v0.9 system here and unless the user's account is in the wheel/root groups it doesn't work. Those accounts are able to execute other programs with same priv's and suid root. Any other suggestions? ----- Greg Spiegelberg | College of Business, Kent State University greg@dell.kent.edu | Novell Network Administrator gspiegel@bsa1.kent.edu | NetBSD UNIX System Administrator gspiegel@mcs.kent.edu | General All-Around Good Guy ;) #include<std.disclaimer.h>