Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site linus.UUCP
Path: utzoo!linus!smk
From: smk@linus.UUCP (Steven M. Kramer)
Newsgroups: net.unix-wizards
Subject: Re: Inaccessible password files
Message-ID: <107@linus.UUCP>
Date: Sun, 17-Jul-83 03:26:39 EDT
Article-I.D.: linus.107
Posted: Sun Jul 17 03:26:39 1983
Date-Received: Sun, 17-Jul-83 04:23:45 EDT
References: unc.5531 <449@ritcv.UUCP>
Organization: MITRE Corp., Bedford MA
Lines: 14

Using the passwd file again for a utility is not exactly kosher as
far as good security/separation/... goes.  The passwd is the authentication
mechanism for you to gain access to the system (thought of as a resource
in a way).  You are now using the SAME entry device for another
resource.  What you have done is munged the idea of separation of
resources.  I agree with the idea of least privilege, but you'll see
it works much better with another authentication mechanism.  I
suggest using another set of passwords.  Then you'll get both
separation, least privilege, and you can protect BOTH passwd files
separately.
-- 
--steve kramer
	{allegra,genrad,ihnp4,utzoo,philabs,uw-beaver}!linus!smk	(UUCP)
	linus!smk@mitre-bedford						(ARPA)