
Re: Shadow passwords and GNU su



John Goerzen <jgoerzen@complete.org> wrote:
>> Tom Lees:
>> > But if Debian is supposed to be moving to shadow in general anyway, why
>> > give new users the (rather confusing) choice?
>> 
>> Right now, the shadow packages need more testing.  Maybe later...
>> Many people run single user systems and don't need shadow passwords.
>
>But having shadow passwords won't hurt them.
>
>Once installed, shadow passwords are invisible to the user.
>
>And if security is an issue, install /etc/shadow chgrp to shadow and g+rw,
                                                                      ^^^^
>then required binaries can be installed setgid to shadow and do not need to run
>setuid to root.

If /etc/shadow is g+rw, then sgid shadow becomes, in effect, suid root (because
the ability to get shadow group access effectively would allow you to gain
root access - just edit /etc/shadow.)

At most, it should be g+r. (IMO)
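
The distinction drawn in this reply, as an added example that is not part of the original message: a shell audit that classifies the mode of a shadow file and, when it is group-writable, lists the setgid binaries of that group that could rewrite it. It assumes GNU stat and find; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original message. Assumes GNU stat and find;
# all function names are hypothetical.

# shadow_mode_verdict FILE -> prints ok | group-writable | world-accessible
shadow_mode_verdict() {
    mode=$(stat -c '%a' "$1") || return 2
    bits=$((0$mode))                  # leading 0 makes the value octal
    if [ $((bits & 0007)) -ne 0 ]; then
        echo world-accessible         # defeats the purpose of a shadow file
    elif [ $((bits & 0020)) -ne 0 ]; then
        echo group-writable           # the g+rw case from the thread
    else
        echo ok                       # e.g. 640: the group may only read
    fi
}

# setgid_binaries DIR GID -> regular files under DIR that are setgid to GID
setgid_binaries() {
    find "$1" -type f -perm -2000 -group "$2" 2>/dev/null | sort
}

# audit_shadow FILE DIR -> report; returns 0 only when the verdict is ok
audit_shadow() {
    verdict=$(shadow_mode_verdict "$1") || return 2
    gid=$(stat -c '%g' "$1") || return 2
    echo "$1: gid=$gid verdict=$verdict"
    if [ "$verdict" = group-writable ]; then
        echo "setgid binaries that could rewrite $1:"
        setgid_binaries "$2" "$gid" | sed 's/^/  /'
    fi
    [ "$verdict" = ok ]
}

# Usage: sh audit.sh /etc/shadow /usr/bin
if [ "$#" -eq 2 ]; then
    audit_shadow "$1" "$2"
fi
```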

