passwds and crypt(3)...

Barry Margolin barmar at think.com
Tue Jan 2 11:45:24 AEST 1990


In article <21911 at adm.BRL.MIL> AGRISCS at umcvmb.missouri.edu (Don Ingli) writes:
>Anyway, I guess what I am trying to say is that maybe UNIX should place the
>SHADOW file somewhere on the disk, but not in a file....

It's been suggested before.  What makes you think storing it on the disk is
any more secure than a file?  The disk can be accessed as /dev/<something>.
The access control on this is no more secure than that provided for
/etc/shadow -- if someone can get superuser access then they'd be able to
read both of them.  On the other hand, having a separate /etc/shadow allows
its group permission to be used; passwd could be setgid to its group rather
than setuid root.

Also, taking the password database out of the file system means that it
won't be backed up by current backup tools.  All the backup facilities
would have to be updated to dump the password partition.


--
Barry Margolin, Thinking Machines Corp.

barmar at think.com
{uunet,harvard}!think!barmar
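
An added example, not part of the original post: a small audit that applies the same mode-bit test to the shadow file, the raw disk device and the passwd binary, showing that a readable block device exposes the password data just as a readable file would, and distinguishing a setuid-root passwd from a setgid one. The paths, gid numbers and the `passwd.setgid` name in the sample are constructed assumptions.

```python
import os
import stat

def readers(mode, uid, gid):
    """Principals granted read access by the mode bits; root can always read."""
    who = {"uid:0"}
    if mode & stat.S_IRUSR:
        who.add(f"uid:{uid}")
    if mode & stat.S_IRGRP:
        who.add(f"gid:{gid}")
    if mode & stat.S_IROTH:
        who.add("other")
    return who

def audit(entries):
    """entries: (path, st_mode, uid, gid) tuples. Returns (path, finding) pairs."""
    out = []
    for path, mode, uid, gid in entries:
        extra = readers(mode, uid, gid) - {"uid:0"}
        if stat.S_ISBLK(mode) and extra:
            # Anyone who can read the raw device can read every file stored on it.
            out.append((path, "raw disk readable by " + ",".join(sorted(extra))))
        elif stat.S_ISREG(mode) and mode & stat.S_ISUID and uid == 0:
            out.append((path, "setuid root"))
        elif stat.S_ISREG(mode) and mode & stat.S_ISGID:
            out.append((path, f"setgid gid:{gid}"))
        elif stat.S_ISREG(mode) and "other" in extra:
            out.append((path, "world-readable"))
    return out

def stat_entries(paths):
    """Collect (path, mode, uid, gid) for the paths that exist on this host."""
    rows = []
    for p in paths:
        if os.path.exists(p):
            st = os.stat(p)
            rows.append((p, st.st_mode, st.st_uid, st.st_gid))
    return rows

# Constructed sample (gid 42 = shadow group, gid 6 = disk group are assumptions).
SAMPLE = [
    ("/etc/shadow", stat.S_IFREG | 0o640, 0, 42),
    ("/dev/sda", stat.S_IFBLK | 0o660, 0, 6),
    ("/usr/bin/passwd", stat.S_IFREG | 0o4755, 0, 0),
    ("/usr/bin/passwd.setgid", stat.S_IFREG | 0o2755, 0, 42),  # hypothetical
]

if __name__ == "__main__":
    for path, finding in audit(SAMPLE):
        print(path, finding)
```

To check a real host, pass `stat_entries([...])` with that system's own paths to `audit` in place of `SAMPLE`.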


