On Wed, 11 Nov 1998, Erik <netmaskat_private> wrote: [...] > On a slackware 3.5 machine, with no backups... changing users password.. > leaves > > -rw------- 1 root root 560 Nov 11 09:53 shadow- > > chmod 600. So I would say its a suse linux problem. Not having /etc/shadow mode 640 (root.shadow) requires you to suid root xlock and all the kde screen lockers. With SuSE, 2755 (root.shadow) on xlock and *.kss is enough. So it may _not_ be a SuSE problem... Remember that every time a configuration change in the system is being done with yast (yet another setup tool, specific to SuSE), /sbin/SuSEconfig is being run. This script launches "/usr/bin/chkstat -set /etc/permissions" (plus /etc/permissions{.easy,.local}), where /etc/permissions describes /etc/shadow as root.shadow, mode 640. Whenever you change a password or add a user, /etc/shadow- is being set to the same permissions as /etc/shadow by /usr/bin/password or /usr/sbin/useradd. If you add users with vi, you must know what you're doing. Also keep in mind that yast (and therefore SuSEconfig + chkstat) are being run at first bootup after setting the root-password. Means: nobody except root can read /etc/shadow since root is the only user in the system who has a password. If /etc/shadow- is 644 at this stage, it just doesn't matter, because the next useradd will clean it up. It's not beautiful, and it may be considered a bug, but for sure it's not worth bothering/posting/the time. rgds, Roman. _ _ | Roman Drahtmller "The whole world is about three | CC University of Freiburg drinks behind." | email: draht@uni-freiburg.de (Humphrey Bogart) | - -
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:23:07 PDT