Xref: utzoo comp.unix.questions:9313 comp.bugs.sys5:564
Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!rutgers!apple!voder!pyramid!prls!mips!dce
From: dce@mips.COM (David Elliott)
Newsgroups: comp.unix.questions,comp.bugs.sys5
Subject: Re: SVR3 passwd changes mode of passwd file
Message-ID: <3441@dunkshot.mips.COM>
Date: 21 Sep 88 14:49:06 GMT
References: <3394@dunkshot.mips.COM> <1235@cbnews.ATT.COM>
Reply-To: dce@dunkshot.UUCP (David Elliott)
Organization: MIPS Computer Systems, Sunnyvale, CA
Lines: 34

In article <1235@cbnews.ATT.COM> lvc@cbnews.ATT.COM (Lawrence V. Cipriani) writes:
>In article <3394@dunkshot.mips.COM> dce@mips.COM (David Elliott) writes:
>>
>	...
>>I have had a couple of complaints about this [/bin/passwd changes mode of
>>/etc/passwd explicitly to 0444 -lvc], and would like to decide on a solution.
>>Is it reasonable to have passwd fix the mode of the new /etc/passwd
>>to be the same as the current /etc/passwd?
>
>No, unless you don't give a darn about security.  What exactly is your
>complaint about mode 0444 on /etc/passwd?  Anything one should be allowed
>to do to /etc/passwd should be done by root or the owner of /etc.  A
>carefully coded suid to root should do the job.  Please elaborate what your
>need is.

I have no complaint.  I have no need.

Maybe I should make it clearer.  A customer of ours who uses BSD Unix
complained that "something" was changing the mode of /etc/passwd from
0644 (which he set it to) to 0444.  I believe that the complaint was
that he had to use ":w!" in vi (I know, vi'ing the password file is
wrong, but we haven't had time to add a vipw program yet).

On the other hand, let's remember what we're talking about here.  If
I want to create a file whose name contains spaces, Unix lets me.  If
I want to set up a file with mode 0002, Unix lets me.  This is one
of the aspects of the Unix philosophy.  Why should Unix change the
mode of my password file if I set it to something explicitly?

This isn't a case of security.  If he has to, this customer is going
to set up a cron job to "fix" the mode of /etc/passwd because that's
the mode he wants it to have.

-- 
David Elliott		dce@mips.com  or  {ames,prls,pyramid,decwrl}!mips!dce
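
Added example, not part of the original post and not the SVR3 passwd source: one way a rewriting program could give the new file the mode of the file it replaces, as the quoted question proposes. The names replace_keep_mode and mode_after_replace, the ".tmp" suffix, the scratch file in /tmp, and the choice to drop group/other write bits are assumptions of this example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Replace path with data. The new file keeps the old file's permission bits,
 * minus group/other write (this example's assumption). 0 = ok, -1 = error. */
int replace_keep_mode(const char *path, const char *data)
{
    struct stat st;
    char tmp[1024];
    size_t len = strlen(data);
    int fd, ok, n = snprintf(tmp, sizeof tmp, "%s.tmp", path);
    if (n < 0 || (size_t)n >= sizeof tmp || stat(path, &st) != 0)
        return -1;
    /* O_EXCL refuses a leftover or pre-planted temporary file. */
    if ((fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0600)) < 0)
        return -1;
    /* Set the mode on the descriptor before the file becomes visible. */
    ok = write(fd, data, len) == (ssize_t)len &&
         fchmod(fd, st.st_mode & 0777 & ~022) == 0 && fsync(fd) == 0;
    ok = (close(fd) == 0) && ok;
    if (!ok || rename(tmp, path) != 0) {
        unlink(tmp);
        return -1;
    }
    return 0;
}

/* Constructed demo: a scratch file in /tmp stands in for /etc/passwd. */
int mode_after_replace(mode_t before)
{
    char path[] = "/tmp/pwmodeXXXXXX";
    struct stat st;
    int fd = mkstemp(path), rc = -1;
    if (fd >= 0 && close(fd) == 0 && chmod(path, before) == 0 &&
        replace_keep_mode(path, "root:x:0:0::/:/bin/sh\n") == 0 &&
        stat(path, &st) == 0)
        rc = (int)(st.st_mode & 0777);
    if (fd >= 0)
        unlink(path);
    return rc;
}

int main(void)
{
    printf("%o %o\n", mode_after_replace(0644), mode_after_replace(0666));
    return 0;
}
```

With this approach an administrator's 0644 or 0444 survives the rewrite, while a 0666 file comes back as 0644.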