Date: Mon, 3 Mar 2003 17:49:31 +0200
From: "Nikolay Y. Orlyuk" <nikolay@asu.ntu-kpi.kiev.ua>
To: freebsd-security@FreeBSD.ORG
Subject: Re: Permission Denied on passwd
Message-ID: <20030303154931.GJ73302@asu.ntu-kpi.kiev.ua>
In-Reply-To: <200303031528.h23FScje002664@dc.cis.okstate.edu>
References: <200303031528.h23FScje002664@dc.cis.okstate.edu>

On Mon, Mar 03, 2003 at 09:28:38AM -0600, Martin McCormick wrote:
> What might cause all users except root to get "permission denied"
> every time they try to change their passwords on a new system?
>
> Here's the scenario:
>
> $ passwd
> Changing local password for martin.
> Old password:
> passwd: Permission denied
> passwd: /etc/master.passwd: unchanged
> $
>
> I have checked permissions on /etc/master.passwd and
> /etc/passwd and they agree with the corresponding files on
> another 4.7 system that works.
>
> $ ls -l /etc/*passwd
> -rw------- 1 root wheel 1605 Mar 3 08:12 /etc/master.passwd
> -rw-r--r-- 1 root wheel 1367 Mar 3 08:12 /etc/passwd
> $ cd /
> $ ls -l |grep usr
> drwxr-xr-x 16 root wheel 512 Nov 11 11:34 usr
More interesting is /etc, because you already get /usr/bin/passwd, that's enough.
etc may not have +x for root.
> $ ls -l /usr/bin/passwd
> -r-sr-xr-x 2 root wheel 32504 Oct 9 07:51 /usr/bin/passwd
All seems to be ok.
>
For most nix'es the rest is not important.
> <skipped>
>
Did you check that your system understands the suid bit on executables?
The simplest way is to do this (if you are sure that your system is ok then you can skip it):

--suidtest.c--cut-me---
#include <sys/types.h>
#include <unistd.h>
#include <stdio.h>

int main(void)
{
	/* Print the effective UID; a working setuid-root binary reports 0. */
	printf("I'm a %d\n", (int)geteuid());
	return 0;
}
--suidtest.c--

# gcc -o suidtest suidtest.c
You are root
$ chown root suidtest
$ chmod u+s suidtest
You are not root
# ./suidtest

If you get "I'm a 0" then all is ok (for the kernel side), else you will need to check
your kernel (especially loading of binaries or something about euid).

So now you know (hope) that your system works fine. That's a problem of userspace.
If you have the sources of passwd, try to find out where it wants to read/write or place files
(it's also important to look at where it wants to place them).
I will look in the source which I will find.

P.S. Sorry about my English grammar.

-- 
With best wishes
Nikolay
mail: nikolay@asu.ntu-kpi.kiev.ua
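
A static complement to the suidtest run described in the message above, as an added example that is not part of the original post: it inspects a binary (by default /usr/bin/passwd, the path from the thread) for a missing set-user-ID bit, a non-root owner and missing execute permission for other users. It goes slightly beyond the post by also reporting a filesystem mounted nosuid, which makes the kernel ignore the bit; the function and flag names are assumptions made for this example.

```c
/* Added example (not from the original post): static checks on a
 * set-user-ID root binary. Function and flag names are illustrative. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/statvfs.h>

#define SUID_BIT_MISSING 0x1u /* mode lacks the set-user-ID bit */
#define SUID_NOT_ROOT    0x2u /* file owner is not uid 0 */
#define SUID_NO_EXEC     0x4u /* no execute permission for "other" */
#define SUID_FS_NOSUID   0x8u /* filesystem is mounted nosuid */

/* Pure decision logic, kept separate so it can be tested off-disk. */
unsigned suid_problems(mode_t mode, uid_t owner, unsigned long fsflags)
{
    unsigned p = 0;
    if (!(mode & S_ISUID))   p |= SUID_BIT_MISSING;
    if (owner != 0)          p |= SUID_NOT_ROOT;
    if (!(mode & S_IXOTH))   p |= SUID_NO_EXEC;
    if (fsflags & ST_NOSUID) p |= SUID_FS_NOSUID;
    return p;
}

/* Returns a bitmask of problems, or -1 if the path cannot be examined. */
int suid_check_path(const char *path)
{
    struct stat st;
    struct statvfs vfs;
    if (stat(path, &st) != 0 || statvfs(path, &vfs) != 0)
        return -1;
    return (int)suid_problems(st.st_mode, st.st_uid, vfs.f_flag);
}

int main(int argc, char **argv)
{
    /* Default is the binary discussed in the thread. */
    const char *path = argc > 1 ? argv[1] : "/usr/bin/passwd";
    int p = suid_check_path(path);
    if (p < 0) { perror(path); return 2; }
    if (p & SUID_BIT_MISSING) puts("set-user-ID bit is not set");
    if (p & SUID_NOT_ROOT)    puts("file is not owned by root");
    if (p & SUID_NO_EXEC)     puts("other users cannot execute it");
    if (p & SUID_FS_NOSUID)   puts("filesystem is mounted nosuid");
    if (p == 0) puts("mode, owner and mount flags allow setuid root");
    return p ? 1 : 0;
}
```

A clean result here only rules out the file and mount settings; the suidtest run from the message still shows what euid the kernel actually grants.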