Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

how the normal user is  able to  change the  /etc/passwd file though he is not having the permission in linux

Posted on 2012-03-17
4
Medium Priority
?
299 Views
Last Modified: 2012-06-27
how the normal user is  able to  change the  /etc/passwd file though he is not having the  write permission  to change the file in linux

and /etc/shadow  have only  read permission for  root user and no access for others

how the changes happening when they are changing the password
0
Comment
Question by:greensuman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 31

Accepted Solution

by:
farzanj earned 2000 total points
ID: 37732651
Well, there are certain pieces of information that user can change in the /etc/passwd file.  He can change the shell by using command chsh and his/her information using chfn.

In /etc/shadow, user can change his/her password using passwd, thus changing the file.

All of the above utilities can by run by common users with root privileges because
1.  These are all binaries.
2.  They all have UID set thus if you do ls -l you would see something like
-rwsr-xr-x 1 root shadow 81856 May  8  2010 /usr/bin/passwd
0
 
LVL 14

Expert Comment

by:systan
ID: 37732661
its not normal, it's impossible

or
maybe logged in as a normal user then changed permission using the "su"

or
maybe knows the administrator account, by hooking up when administrator types the user-name and password to logged in.

or
a linux hacker that waits for the user to logged with the network using administrators account.
This is one good reason why admin not to use full administrative account mode during logging-in in the internet or local network.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 37732666
When a user changes their password it is NOT the user that makes the changes, it is a process that runs with elevated priveledges.

Standard users do not, as you correctly stated, have the ability to directly chage these files, only via the tools that are provided.
0
 
LVL 31

Expert Comment

by:farzanj
ID: 37732688
A normal user DOES change these files by using the utilities I mentioned above.  Yes, these utilities of course run as process--every program runs as at least one process with at least one thread each.  But that is not the point.  The point is that set UID permission empowers a common user by running with the utility's own's effective UID, which in this case is root.  So a common user HAS the ability to change those files due to SUID of these binaries.

For further details take a look at
http://en.wikipedia.org/wiki/Setuid
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

rdate is a Linux command and the network time protocol for immediate date and time setup from another machine. The clocks are synchronized by entering rdate with the -s switch (command without switch just checks the time but does not set anything). …
Linux users are sometimes dumbfounded by the severe lack of documentation on a topic. Sometimes, the documentation is copious, but other times, you end up with some obscure "it varies depending on your distribution" over and over when searching for …
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Suggested Courses

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question