On Friday 02 August 2002 12:51, Monaghan, John wrote:
I agree but you originally could not "see" the shadow file with kcheckpass and the fix was to set ownership to root, group to shadow and setgid shadow. The latter of which I thought was just as much a security risk or am I totally wrong?
If the shadow file were world readable then, as Martin said, you might as well stick with the plain /etc/passwd file. Anyone would be free to run dictionary attacks against it, or more sofisticated attacks. Having a daemon setuid root, or setgid shadow, means that users only get to read the file if they can hack the daemon (i.e. if there's a bug in it). If the daemon were setuid root they'd be "in", while if it's setgid shadow they'd just be able to read the shadow file, which means they still have some hacking to do, which buys the admin a little more time in securing the machine. regards Anders