Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.1 6/24/83; site linus.UUCP Path: utzoo!linus!smk From: smk@linus.UUCP (Steven M. Kramer) Newsgroups: net.unix-wizards Subject: Re: Inaccessible password files Message-ID: <107@linus.UUCP> Date: Sun, 17-Jul-83 03:26:39 EDT Article-I.D.: linus.107 Posted: Sun Jul 17 03:26:39 1983 Date-Received: Sun, 17-Jul-83 04:23:45 EDT References: unc.5531 <449@ritcv.UUCP> Organization: MITRE Corp., Bedford MA Lines: 14 Using the passwd file again for a utility is not exactly kosher as far as good security/separation/... goes. The passwd is the authentication mechanism for you to gain access to the system (thought of as a resource in a way). You are now using the SAME entry device for another resource. What you have done is munged the idea of separation of resources. I agree with the idea of least privilege, but you'll see it works much better with another authentication mechanism. I suggest using another set of passwords. Then you'll get both separation, least privilege, and you can protect BOTH passwd files separately. -- --steve kramer {allegra,genrad,ihnp4,utzoo,philabs,uw-beaver}!linus!smk (UUCP) linus!smk@mitre-bedford (ARPA)