Solved

how the normal user is  able to  change the  /etc/passwd file though he is not having the permission in linux

Posted on 2012-03-17
4
297 Views
Last Modified: 2012-06-27
how the normal user is  able to  change the  /etc/passwd file though he is not having the  write permission  to change the file in linux

and /etc/shadow  have only  read permission for  root user and no access for others

how the changes happening when they are changing the password
0
Comment
Question by:greensuman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 31

Accepted Solution

by:
farzanj earned 500 total points
ID: 37732651
Well, there are certain pieces of information that user can change in the /etc/passwd file.  He can change the shell by using command chsh and his/her information using chfn.

In /etc/shadow, user can change his/her password using passwd, thus changing the file.

All of the above utilities can by run by common users with root privileges because
1.  These are all binaries.
2.  They all have UID set thus if you do ls -l you would see something like
-rwsr-xr-x 1 root shadow 81856 May  8  2010 /usr/bin/passwd
0
 
LVL 14

Expert Comment

by:systan
ID: 37732661
its not normal, it's impossible

or
maybe logged in as a normal user then changed permission using the "su"

or
maybe knows the administrator account, by hooking up when administrator types the user-name and password to logged in.

or
a linux hacker that waits for the user to logged with the network using administrators account.
This is one good reason why admin not to use full administrative account mode during logging-in in the internet or local network.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 37732666
When a user changes their password it is NOT the user that makes the changes, it is a process that runs with elevated priveledges.

Standard users do not, as you correctly stated, have the ability to directly chage these files, only via the tools that are provided.
0
 
LVL 31

Expert Comment

by:farzanj
ID: 37732688
A normal user DOES change these files by using the utilities I mentioned above.  Yes, these utilities of course run as process--every program runs as at least one process with at least one thread each.  But that is not the point.  The point is that set UID permission empowers a common user by running with the utility's own's effective UID, which in this case is root.  So a common user HAS the ability to change those files due to SUID of these binaries.

For further details take a look at
http://en.wikipedia.org/wiki/Setuid
0

Featured Post

[Webinar] Code, Load, and Grow

Managing multiple websites, servers, applications, and security on a daily basis? Join us for a webinar on May 25th to learn how to simplify administration and management of virtual hosts for IT admins, create a secure environment, and deploy code more effectively and frequently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Fine Tune your automatic Updates for Ubuntu / Debian
In the first part of this tutorial we will cover the prerequisites for installing SQL Server vNext on Linux.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question