Xref: utzoo comp.unix.questions:9410 comp.bugs.sys5:578
Path: utzoo!attcan!uunet!seismo!sundc!pitstop!sun!decwrl!ucbvax!agate!eos!amelia!ames!vsi1!wyse!mips!dce
From: dce@mips.COM (David Elliott)
Newsgroups: comp.unix.questions,comp.bugs.sys5
Subject: Re: SVR3 passwd changes mode of passwd file
Message-ID: <3699@dunkshot.mips.COM>
Date: 24 Sep 88 05:01:38 GMT
References: <3394@dunkshot.mips.COM> <7@marvin.UUCP>
Reply-To: dce@dunkshot.UUCP (David Elliott)
Organization: MIPS Computer Systems, Sunnyvale, CA
Lines: 32

In article <7@marvin.UUCP> jsp@marvin.UUCP (Johnnie Peters) writes:
>	It is entirely reasonable for passwd to set the modes of /etc/passwd
>to 0444.  If you don't believe this try working for a company like Unisys
>in O.S. support for unix.  The first time a customer calls and says things
>like:
>
>	I just accidentally deleted my passwd file.  What can I do?
>
>	I saved the passwd file and now it won't let anybody on.  What
>	do I do?
>
>	I forgot the root password.  What do I do?
>
>you will understand why the passwd file is protected as well as possible.

I don't buy it.  I've worked in OS support for Unix for my entire
career, and yes I've heard these same questions.

Of all of these, only the first comment gives a reason to have the
password file protected in this way (protecting the file won't keep
them from breaking the file or forgetting the root password, will it?),
and only then because they have to say "rm -f /etc/passwd" or answer
"y" when asked to remove it.  This isn't protecting against truly
unfortunate accidents.

I have no problem with shipping the password file as mode 0444, and if
the user leaves that alone, there's no problem.  If the user really
wants that file to be mode 0644, they may just decide to go out of
their way to keep it that way.

-- 
David Elliott		dce@mips.com  or  {ames,prls,pyramid,decwrl}!mips!dce