how password will updated in /etc/shadow ?

[gunalanr]

Dear guys,

i am gunalan. i would like to tell that i am so happy that i am also joined this Linux forum. i am very much happy that i am also part of this top most website in this world. This is my first post in our form.

**** by default the permission of /etc/shadow file in linux OS is -r-------- . How the password information will update in this file when an unprivileged user change his password.

Your suggestion are really helpful for me and all.

Thanking You.

[Irithori]

hi and welcome.

You are right, only root can update the shadow file.

The "passwd" command works by utilizing the s-bit.
Look here:

Code:

ls -la `which passwd`
-rwsr-xr-x 1 root root 27768 Jan  6  2007 /usr/bin/passwd

The s-bit says: Use the *fileowner* uid for this process, not the uid of the calling user.

Yes, this is dangerous, as a careless coded programm with the s-bit set for the owner root could be used to compromise the system.
ie: Any user could become root.

Therefore s-bit files shall be very rare and carefully checked for errors.

However, the passwd command is well known and secure.

[hazel]

However, the passwd command is well known and secure.

I would have thought so. So I was rather puzzled when I found an upgrade to passwd in my last Debian Lenny update. It's hard to see why such a fundamental program should ever need to be upgraded.

[Rubberman]

If you want to know why passwd was updated before you accept it, go to the Debian web site and look in the release notes.

[hazel]

If you want to know why passwd was updated before you accept it, go to the Debian web site and look in the release notes.

I couldn't find it on the site. Could you give me a link?

[Rubberman]

This was just recently fixed, Debian bug #569622: #569622 - passwd needs to have login as dependency, groupadd fails otherwise - Debian Bug report logs