Solved

how the normal user is  able to  change the  /etc/passwd file though he is not having the permission in linux

Posted on 2012-03-17
4
288 Views
Last Modified: 2012-06-27
how the normal user is  able to  change the  /etc/passwd file though he is not having the  write permission  to change the file in linux

and /etc/shadow  have only  read permission for  root user and no access for others

how the changes happening when they are changing the password
0
Comment
Question by:greensuman
  • 2
4 Comments
 
LVL 31

Accepted Solution

by:
farzanj earned 500 total points
ID: 37732651
Well, there are certain pieces of information that user can change in the /etc/passwd file.  He can change the shell by using command chsh and his/her information using chfn.

In /etc/shadow, user can change his/her password using passwd, thus changing the file.

All of the above utilities can by run by common users with root privileges because
1.  These are all binaries.
2.  They all have UID set thus if you do ls -l you would see something like
-rwsr-xr-x 1 root shadow 81856 May  8  2010 /usr/bin/passwd
0
 
LVL 14

Expert Comment

by:systan
ID: 37732661
its not normal, it's impossible

or
maybe logged in as a normal user then changed permission using the "su"

or
maybe knows the administrator account, by hooking up when administrator types the user-name and password to logged in.

or
a linux hacker that waits for the user to logged with the network using administrators account.
This is one good reason why admin not to use full administrative account mode during logging-in in the internet or local network.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 37732666
When a user changes their password it is NOT the user that makes the changes, it is a process that runs with elevated priveledges.

Standard users do not, as you correctly stated, have the ability to directly chage these files, only via the tools that are provided.
0
 
LVL 31

Expert Comment

by:farzanj
ID: 37732688
A normal user DOES change these files by using the utilities I mentioned above.  Yes, these utilities of course run as process--every program runs as at least one process with at least one thread each.  But that is not the point.  The point is that set UID permission empowers a common user by running with the utility's own's effective UID, which in this case is root.  So a common user HAS the ability to change those files due to SUID of these binaries.

For further details take a look at
http://en.wikipedia.org/wiki/Setuid
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Currently, there is not an RPM package available under the RHEL/Fedora/CentOS distributions that gives you a quick and easy way to allow PHP to interface with Oracle. As a result, I have included a set of instructions on how to do this with minimal …
Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now