RE: Security for networks (SunOS 4.1.3_U1)

Stephen T. McKenna (stmckenna@amoco.com)
Thu, 1 Jun 95 15:03:17 CDT

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jeffrey H Simpson: "job posting"
Previous message: Bruce D. Ray: "RE: Security for networks (SunOS 4.1.3_U1)"

Bruce Ray writes:
> {Perhaps somebody could
> tell us why /etc/passwd needs to be world and group readable when
> it is only root writable and you aren't going to run finger or rusers
> I've asked on the security newsgroups and nobody replied.}

It's because lots of programs use the standard library routines to fetch info
about the user from /etc/passwd. For example, a mail program might call
getuid(2) to discover the UID of its process, then give that to getpwuid(3)
to get your login name, your full name, and the name of your home directory.
Since getpwuid runs as part of a user process, every user needs read access
to /etc/passwd.

Steve McKenna
Amoco Research Center
Naperville, IL
stmckenna@amoco.com

Next message: Jeffrey H Simpson: "job posting"
Previous message: Bruce D. Ray: "RE: Security for networks (SunOS 4.1.3_U1)"