Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.mel.connect.com.au!munnari.OZ.AU!news.ecn.uoknor.edu!qns3.qns.com!imci4!newsfeed.internetmci.com!iol!tank.news.pipex.net!pipex!blackbush.xlink.net!news.nordwest.de!lemur.nord.de!dagobert.lemur.nord.de!thomas From: THOMAS Wintergerst <thomas@dagobert.lemur.nord.de> Newsgroups: comp.unix.bsd.freebsd.misc Subject: Re: Shadow password functions? Date: Sat, 30 Mar 1996 19:40:10 +0100 Organization: Lemuria Private Computing Lines: 29 Message-ID: <Pine.BSF.3.91.960330192221.16407C-100000@dagobert.lemur.nord.de> References: <4j5qf7$hja@cpmt.cyberport.net> <m0u2OtS-0001l8C@hammy.lonestar.org> NNTP-Posting-Host: dagobert.lemur.nord.de Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII In-Reply-To: <m0u2OtS-0001l8C@hammy.lonestar.org> On Thu, 28 Mar 1996, Gordon Burditt wrote: > Date: Thu, 28 Mar 96 15:06 CST > From: Gordon Burditt <sneaky.lerctr.org!gordon@picard.nord.de> > To: lemur.nord.de!thomas@picard.nord.de > Newgroups: comp.unix.bsd.freebsd.misc > Subject: Re: Shadow password functions? > > >program this is the recommended way. I think there is no (official) way to > >let a normal user read the encrypted password. > > I thought the whole point of shadow password files was to not let > normal users, authorized or not, read encrypted passwords, period. > > Gordon L. Burditt > sneaky.lerctr.org!gordon > Normal users are not able to read the shadow password file. This can only be done by root or by programs that are "setuid root". These programs like "login" or "passwd" must be carefully written (and I hope they are). So if someone wants to read encrypted passwords he must install a "setuid root" program or gain root access somehow. And if he can do this the system can be hacked anyway. Sorry if the word "official" was confusing. Thomas