On Friday 02 August 2002 11:29, Anders Johansson wrote:
On Friday 02 August 2002 11:22, Martin Knoblauch wrote:
The question is now: should the shadow file be world readable,
No, no, no, the whole point of having a shadow file is that it should be root-only.
completely agreed.
or chould kcheckpass be made setuid-root.
kcheckpass should be owned by root, group shadow and be setgid shadow.
chmod g+s /opt/kde3/bin/kcheckpass
yeah, problem turned out to be that kcheckpass was root.root. The mode was correct.
Also, check your security settings in /etc/sysconfig/security, variable PERMISSIONS_SECURITY. Edit permissions.{easy|secure|paranoid}, depending on your settings, and make sure that the line for kcheckpass has 2755 as the mode.
//Anders
OK, the setting was "easy, local". Interestingly CHECK_PERMISSIONS was "set", so the ownership should have been corrected automagically... which apparently did not work. Anyway, I am no longer locked out. Martin -- Martin Knoblauch Senior System Architect MSC.software GmbH Am Moosfeld 13 D-81829 Muenchen, Germany e-mail: martin.knoblauch@mscsoftware.com http://www.mscsoftware.com Phone/Fax: +49-89-431987-189 / -7189 Mobile: +49-174-3069245