Re: Shadow passwords and GNU su
John Goerzen <jgoerzen@complete.org> wrote:
>> Tom Lees:
>> > But if Debian is supposed to be moving to shadow in general anyway, why
>> > give new users the (rather confusing) choice?
>>
>> Right now, the shadow packages need more testing. Maybe later...
>> Many people run single user systems and don't need shadow passwords.
>
>But having shadow password won't hurt them.
>
>Once installed, shadow passwords are invisible to the user.
>
>And if security is an issue, install /etc/shadow chgrp to shadow and g+rw, the
^^^^
>n required binaries can be installed setgid to shadow and do not need to run s
>etuid to root.
If /etc/shadow is g+rw, then sgid shadow becomes, in effect, suid root (because
the ability to get shadow group access effectively would allow you to gain
root access - just edit /etc/shadow.)
At most, it should be g+r. (IMO)
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
Reply to: