Xref: utzoo comp.unix.questions:9410 comp.bugs.sys5:578 Path: utzoo!attcan!uunet!seismo!sundc!pitstop!sun!decwrl!ucbvax!agate!eos!amelia!ames!vsi1!wyse!mips!dce From: dce@mips.COM (David Elliott) Newsgroups: comp.unix.questions,comp.bugs.sys5 Subject: Re: SVR3 passwd changes mode of passwd file Message-ID: <3699@dunkshot.mips.COM> Date: 24 Sep 88 05:01:38 GMT References: <3394@dunkshot.mips.COM> <7@marvin.UUCP> Reply-To: dce@dunkshot.UUCP (David Elliott) Organization: MIPS Computer Systems, Sunnyvale, CA Lines: 32 In article <7@marvin.UUCP> jsp@marvin.UUCP (Johnnie Peters) writes: > It is entirely reasonable for passwd to set the modes of /etc/passwd >to 0444. I fyou don't believe this try working for a company like Unisys >in O.S. support for unix. The first time a customer calls and says things >like: > > I just accidentaly deleted my passwd file. What can I do? > > I saved the passwd file and now it wont let anybody on. What > do I do? > > I forgot the root password. What do I do? > >you will understand why the passwd file is protected as well as possible. I don't buy it. I've worked in OS support for Unix for my entire career, and yes I've heard these same questions. Of all of these, only the first comment gives a reason to have the password file protected in this way (protecting the file won't keep them from breaking the file or forgetting the root password, will it?), and only then because they have to say "rm -f /etc/passwd" or answer "y" when asked to remove it. This isn't protecting against truly unfortunate accidents. I have no problem with shipping the password file as mode 0444, and if the user leaves that alone, there's no problem. If the user really wants that file to be mode 0644, they may just decide to go out of their way to keep it that way. -- David Elliott dce@mips.com or {ames,prls,pyramid,decwrl}!mips!dce