Re: permission of shadow file and upgrade the kernel
On Mon, 2007-04-09 at 17:37 -0700, Bob McGowan wrote:
[snip]
> One might wonder why it isn't just 600, if the only user needing access
> is root? The answer may be in the permissions and owner/group:
>
> -rw-r----- 1 root shadow ....
>
> It would appear there are (or could potentially be) tools that need to
> only read the file. Rather than make them set uid to root, which would
> give them rw permission, they are set gid so they have ro permission,
> which limits the damage they could potentially do.
You are correct. Things like authentication for various services are
just one of many.
--
greg, greg@gregfolkert.net
Novell's Directory Services is a competitive product to Microsoft's
Active Directory in much the same way that the Saturn V is a competitive
product to those dinky little model rockets that kids light off down at
the playfield. -- Thane Walkup
Reply to: