[SunHELP] passwd file (need to be world readable)
Edward Chase
echase at studentweb.providence.edu
Thu Oct 31 16:12:32 CST 2002
So, it doesn't need to be?
Reason I ask is that we run our mail services on a Solaris box. Someone
recently pretty much emailed our whole student body. The only way I can
see that to get such a complete list is for one of our students to grab
/etc/passwd
It's kind of late now, but it made me think of how they could have gotten
all the email addresses...
Now, no more FTP to the box (some used it as a place to drop files and pick
up offcampus) and most users do not have shell access. Since my web based
email password change utility, there is no real need to telnet to the box.
At 01:44 PM 10/31/2002 -0700, Donaldson, Mark wrote:
>Basically it's traditional. It's an expectation from way back that the
>passwd file is readable by anyone.
>
>The response to the worry about security is to use a shadow password file.
>
>-M
>
>-----Original Message-----
>From: Edward Chase
>[<mailto:echase at studentweb.providence.edu>mailto:echase at studentweb.providence.edu]
>
>Sent: Thursday, October 31, 2002 1:27 PM
>To: sunhelp at sunhelp.org
>Subject: [SunHELP] passwd file (need to be world readable)
>
>Hello there,
>
>Does the /etc/passwd file need to be world readable?
>
>If so, why?
>
>
>---------------------------------------------------------------
> Edward F. Chase III | echase at studentweb.providence.edu
> Providence
> College |
> <http://studentweb.providence.edu>http://studentweb.providence.edu
> Computer Services |
> Providence, RI 02918 |
>_______________________________________________
>SunHELP maillist - SunHELP at sunhelp.org
><http://www.sunhelp.org/mailman/listinfo/sunhelp>http://www.sunhelp.org/mailman/listinfo/sunhelp
More information about the SunHELP
mailing list