How is a normal user able to change the /etc/passwd file though he does not have the permission in Linux?

How is a normal user able to change the /etc/passwd file though he does not have the write permission to change the file in Linux?

And /etc/shadow has only read permission for the root user and no access for others.

How do the changes happen when they are changing the password?
greensuman Asked:

farzanj Commented:
Well, there are certain pieces of information that a user can change in the /etc/passwd file.  He can change the shell by using the command chsh and his/her information using chfn.

In /etc/shadow, a user can change his/her password using passwd, thus changing the file.

All of the above utilities can be run by common users with root privileges because
1.  These are all binaries.
2.  They all have UID set, thus if you do ls -l you would see something like
-rwsr-xr-x 1 root shadow 81856 May  8  2010 /usr/bin/passwd
0

systan Commented:
It's not normal, it's impossible

or
maybe logged in as a normal user then changed permission using the "su"

or
maybe knows the administrator account, by hooking up when the administrator types the user-name and password to log in.

or
a Linux hacker that waits for the user to log in to the network using the administrator's account.
This is one good reason why an admin should not use full administrative account mode when logging in on the internet or local network.
0
Neil Russell, Technical Development Lead, Commented:
When a user changes their password it is NOT the user that makes the changes, it is a process that runs with elevated privileges.

Standard users do not, as you correctly stated, have the ability to directly change these files, only via the tools that are provided.
0
farzanj Commented:
A normal user DOES change these files by using the utilities I mentioned above.  Yes, these utilities of course run as a process--every program runs as at least one process with at least one thread each.  But that is not the point.  The point is that set UID permission empowers a common user by running with the utility's own effective UID, which in this case is root.  So a common user HAS the ability to change those files due to SUID of these binaries.

For further details take a look at
http://en.wikipedia.org/wiki/Setuid
0
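
The setuid behaviour discussed in the answers above, as an added example that is not code from any poster: it reads the setuid bit out of an `ls -l` line like the one quoted for /usr/bin/passwd, reports whose effective UID the process gets, and lists setuid files on a live system. The function names, the caller name `alice` and the second sample line are constructed for illustration.

```python
import os
import stat

TRIADS = [  # (read, write, execute, special bit, ls letter) per triad
    (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR, stat.S_ISUID, "s"),
    (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP, stat.S_ISGID, "s"),
    (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH, stat.S_ISVTX, "t"),
]

def parse_ls_mode(text):
    """Turn an ls -l permission string such as '-rwsr-xr-x' into mode bits."""
    if len(text) != 10:
        raise ValueError("expected 10 characters, e.g. -rwsr-xr-x")
    mode = 0
    for i, (r, w, x, special, letter) in enumerate(TRIADS):
        rc, wc, xc = text[1 + 3 * i: 4 + 3 * i]
        mode |= r if rc == "r" else 0
        mode |= w if wc == "w" else 0
        mode |= x if xc in ("x", letter) else 0         # lowercase s/t implies execute
        mode |= special if xc.lower() == letter else 0  # s/S or t/T: special bit set
    return mode

def runs_as(ls_line, caller):
    """User whose effective UID the process gets when `caller` runs the file."""
    # Assumes the caller may execute it, a native binary, and no nosuid mount.
    mode_text, _, owner = ls_line.split()[:3]
    return owner if parse_ls_mode(mode_text) & stat.S_ISUID else caller

def setuid_files(paths):
    """Return (path, owner_uid) for each existing regular file with setuid set."""
    found = []
    for path in paths:
        try:
            st = os.lstat(path)
        except OSError:
            continue
        if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
            found.append((path, st.st_uid))
    return found

SAMPLE = [
    "-rwsr-xr-x 1 root shadow 81856 May  8  2010 /usr/bin/passwd",  # quoted above
    "-rwxr-xr-x 1 root root 35000 May  8  2010 /usr/bin/cat",       # constructed
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(line.split()[-1], "runs as", runs_as(line, "alice"))
    print(setuid_files(["/usr/bin/passwd", "/usr/bin/chsh", "/usr/bin/chfn"]))
```

A capital `S` in the owner triad means the setuid bit is set without the owner execute bit, which is worth a second look in any audit output.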
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.