Xref: utzoo comp.unix.questions:9313 comp.bugs.sys5:564
Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!rutgers!apple!voder!pyramid!prls!mips!dce
From: dce@mips.COM (David Elliott)
Newsgroups: comp.unix.questions,comp.bugs.sys5
Subject: Re: SVR3 passwd changes mode of passwd file
Message-ID: <3441@dunkshot.mips.COM>
Date: 21 Sep 88 14:49:06 GMT
References: <3394@dunkshot.mips.COM> <1235@cbnews.ATT.COM>
Reply-To: dce@dunkshot.UUCP (David Elliott)
Organization: MIPS Computer Systems, Sunnyvale, CA
Lines: 34

In article <1235@cbnews.ATT.COM> lvc@cbnews.ATT.COM (Lawrence V. Cipriani) writes:
>In article <3394@dunkshot.mips.COM> dce@mips.COM (David Elliott) writes:
>>
>	...
>>I have had a couple of complaints about this [/bin/passwd changes mode of
>>/etc/passwd explicitly to 0444 -lvc], and would like to decide on a solution.
>>Is it reasonable to have passwd fix the mode of the new /etc/passwd
>>to be the same as the current /etc/passwd?
>
>No, unless you don't give a darn about security.  What exactly is your
>complaint about mode 0444 on /etc/passwd? Anything one should be allowed
>to do to /etc/passwd should be done by root or the owner of /etc.  A
>carefully coded suid to root should do the job.  Please elaborate what your
>need is.

I have no complaint.  I have no need.  Maybe I should make it clearer.
A customer of ours who uses BSD Unix complained that "something" was
changing the mode of /etc/passwd from 0644 (which he set it to) to 0444.
I believe that the complaint was that he had to use ":w!" in vi (I know,
vi'ing the password file is wrong, but we haven't had time to add a vipw
program yet).

On the other hand, let's remember what we're talking about here.  If I
want to create a file whose name contains spaces, Unix lets me.  If I
want to set up a file with mode 0002, Unix lets me.  This is one of the
aspects of the Unix philosophy.  Why should Unix change the mode of
my password file if I set it to something explicitly?

This isn't a case of security.  If he has to, this customer is going to
set up a cron job to "fix" the mode of /etc/passwd because that's the
mode he wants it to have.

-- 
David Elliott		dce@mips.com  or  {ames,prls,pyramid,decwrl}!mips!dce
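
Added example, not part of the original post and not SVR3 passwd source: one way a passwd-style rewrite could carry the existing file's mode onto its replacement instead of forcing 0444, which is the alternative raised in the quoted question. The names rewrite_keep_mode and mode_of and the deny_bits parameter are hypothetical.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* for mkstemp, lstat, fchmod, fsync */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Replace `path` with `data`, giving the new file the old file's
 * permission bits minus `deny_bits` (e.g. 022 so group/other write
 * is never carried over). Returns the mode applied, or -1 on error. */
int rewrite_keep_mode(const char *path, const char *data, size_t len,
                      mode_t deny_bits)
{
    struct stat old;
    char tmp[4096];
    mode_t mode;
    int fd;

    /* lstat: refuse symlinks and anything that is not a regular file. */
    if (lstat(path, &old) != 0 || !S_ISREG(old.st_mode))
        return -1;
    mode = (old.st_mode & 0777) & ~deny_bits;

    /* Temp file in the same directory so rename() stays atomic. */
    if (snprintf(tmp, sizeof tmp, "%s.XXXXXX", path) >= (int)sizeof tmp)
        return -1;
    fd = mkstemp(tmp);                 /* created exclusively, mode 0600 */
    if (fd < 0)
        return -1;

    if (write(fd, data, len) != (ssize_t)len ||
        fchmod(fd, mode) != 0 ||       /* explicit, so umask does not apply */
        fsync(fd) != 0) {
        close(fd);
        unlink(tmp);
        return -1;
    }
    if (close(fd) != 0 || rename(tmp, path) != 0) {
        unlink(tmp);
        return -1;
    }
    return (int)mode;
}

/* Permission bits of `path`, or -1 if it cannot be examined. */
int mode_of(const char *path)
{
    struct stat st;
    return lstat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}
```

With deny_bits of 0 the file keeps whatever mode the administrator set (0644 stays 0644); with 022 a file found at 0666 comes out as 0644.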