greensuman
asked on
how the normal user is able to change the /etc/passwd file though he is not having the permission in linux
how the normal user is able to change the /etc/passwd file though he is not having the write permission to change the file in linux
and /etc/shadow have only read permission for root user and no access for others
how the changes happening when they are changing the password
and /etc/shadow have only read permission for root user and no access for others
how the changes happening when they are changing the password
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
When a user changes their password it is NOT the user that makes the changes, it is a process that runs with elevated priveledges.
Standard users do not, as you correctly stated, have the ability to directly chage these files, only via the tools that are provided.
Standard users do not, as you correctly stated, have the ability to directly chage these files, only via the tools that are provided.
A normal user DOES change these files by using the utilities I mentioned above. Yes, these utilities of course run as process--every program runs as at least one process with at least one thread each. But that is not the point. The point is that set UID permission empowers a common user by running with the utility's own's effective UID, which in this case is root. So a common user HAS the ability to change those files due to SUID of these binaries.
For further details take a look at
http://en.wikipedia.org/wiki/Setuid
For further details take a look at
http://en.wikipedia.org/wiki/Setuid
or
maybe logged in as a normal user then changed permission using the "su"
or
maybe knows the administrator account, by hooking up when administrator types the user-name and password to logged in.
or
a linux hacker that waits for the user to logged with the network using administrators account.
This is one good reason why admin not to use full administrative account mode during logging-in in the internet or local network.