Xref: utzoo comp.unix.questions:9417 comp.bugs.sys5:580
Path: utzoo!utgpu!water!watmath!clyde!att!rutgers!bpa!cbmvax!ditto
From: ditto@cbmvax.UUCP (Michael "Ford" Ditto)
Newsgroups: comp.unix.questions,comp.bugs.sys5
Subject: Re: SVR3 passwd changes mode of passwd file
Summary: it's bogus
Message-ID: <4827@cbmvax.UUCP>
Date: 25 Sep 88 02:26:03 GMT
References: <3394@dunkshot.mips.COM> <344@stiatl.UUCP>
Reply-To: ditto@cbmvax.UUCP (Michael "Ford" Ditto)
Organization: Commodore Technology, West Chester, PA
Lines: 24

In article <344@stiatl.UUCP> meo@stiatl.UUCP (Miles O'Neal) writes:
>I suggest you tell the complainers to always leave the passwd file
>0444. NOBODY besides root should have access to that

The complaint here is not about security or lack thereof, it's about
programs undoing the system administrator's actions. There is nothing
more secure about a 0444 /etc/passwd than a 0644 one, but there are
programs which aren't smart enough to know that you can write an
"unwritable" file if uid==0 (vi is an example).

Some people like the "extra work" required to write to a 0444 file, but
if so, they can chmod it themselves.

Where should this "enforced security" end? Should /bin/passwd also
chmod / to 555 mode as well? And what about /etc/? Should "ls" remove
world write permission from /dev/mem if it happens to discover it?

--
-=] Ford [=-                    "The number of Unix installations
(In Real Life: Mike Ditto)       has grown to 10, with more expected."
ford@kenobi.cts.com              - The Unix Programmer's Manual,
...!sdcsvax!crash!elgar!ford       2nd Edition, June, 1972.
ditto@cbmvax.commodore.com
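
Added example, not part of the original post: a simplified C model of the classic Unix write-permission check, set beside the mode-bits-only test the post attributes to programs such as vi. The function names and the sample uids/gids are hypothetical, and supplementary groups and ACLs are ignored.

```c
/* Added illustration (not from the post): simplified model of the classic Unix
 * write check; no supplementary groups or ACLs; all names are hypothetical. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Kernel's view: uid 0 bypasses the mode bits; any other caller is matched
 * against exactly one class (owner, else group, else other). */
int kernel_allows_write(uid_t uid, gid_t gid,
                        uid_t f_uid, gid_t f_gid, mode_t mode)
{
    if (uid == 0)
        return 1;
    if (uid == f_uid)
        return (mode & S_IWUSR) != 0;
    if (gid == f_gid)
        return (mode & S_IWGRP) != 0;
    return (mode & S_IWOTH) != 0;
}

/* A program that consults only the mode bits, ignoring who is asking. */
int naive_allows_write(mode_t mode)
{
    return (mode & (S_IWUSR | S_IWGRP | S_IWOTH)) != 0;
}

/* 1 if modes a and b on a file owned by uid 0, gid 0 give every sample
 * caller the same answer, 0 otherwise. */
int same_write_exposure(mode_t a, mode_t b)
{
    /* constructed callers: root, a user in gid 0, an unrelated user */
    static const struct { uid_t uid; gid_t gid; } who[] = {
        {0, 0}, {100, 0}, {101, 100}
    };
    size_t i;
    for (i = 0; i < sizeof who / sizeof who[0]; i++)
        if (kernel_allows_write(who[i].uid, who[i].gid, 0, 0, a) !=
            kernel_allows_write(who[i].uid, who[i].gid, 0, 0, b))
            return 0;
    return 1;
}

int main(void)
{
    printf("0444 vs 0644: %s\n", same_write_exposure(0444, 0644) ? "same" : "differ");
    printf("0644 vs 0664: %s\n", same_write_exposure(0644, 0664) ? "same" : "differ");
    printf("root on 0444: naive=%d kernel=%d\n", naive_allows_write(0444), kernel_allows_write(0, 0, 0, 0, 0444));
    return 0;
}
```

For an audit, the bits that change who can modify a root-owned file are group and other write, not the owner write bit that separates 0444 from 0644.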