Date: Mon, 3 Mar 2003 17:49:31 +0200
From: "Nikolay Y. Orlyuk"
To: freebsd-security@FreeBSD.ORG
Subject: Re: Permission Denied on passwd
Message-ID: <20030303154931.GJ73302@asu.ntu-kpi.kiev.ua>
In-Reply-To: <200303031528.h23FScje002664@dc.cis.okstate.edu>

On Mon, Mar 03, 2003 at 09:28:38AM -0600, Martin McCormick wrote:
> What might cause all users except root to get "permission denied"
> every time they try to change their passwords on a new system?
>
> Here's the scenario:
>
> $ passwd
> Changing local password for martin.
> Old password:
> passwd: Permission denied
> passwd: /etc/master.passwd: unchanged
> $
>
> I have checked permissions on /etc/master.passwd and
> /etc/passwd and they agree with the corresponding files on
> another 4.7 system that works.
>
> $ ls -l /etc/*passwd
> -rw-------  1 root  wheel  1605 Mar  3 08:12 /etc/master.passwd
> -rw-r--r--  1 root  wheel  1367 Mar  3 08:12 /etc/passwd
> $ cd /
> $ ls -l |grep usr
> drwxr-xr-x  16 root  wheel  512 Nov 11 11:34 usr
More interesting is /etc, because you already get /usr/bin/passwd, that's enough.
/etc may not have +x for root.

> $ ls -l /usr/bin/passwd
> -r-sr-xr-x  2 root  wheel  32504 Oct  9 07:51 /usr/bin/passwd
All seems to be ok.
>
For most nix'es the rest is not important.
>
>
Did you check that your system understands the suid bit on executables?
The simplest way is to do this (if you are sure that your system is ok then you can skip it):

--suidtest.c--cut-me---
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

int main()
{
	/* Print the effective uid; 0 means the set-uid-root bit was honored. */
	printf("I'm a %d\n", (int)geteuid());
	return 0;
}
--suidtest.c--

# gcc -o suidtest suidtest.c
You are root
$ chown root suidtest
$ chmod u+s suidtest
You are not root
# ./suidtest

If you get "I'm a 0" then all is ok (on the kernel side); otherwise you will need to check your kernel
(especially loading of binaries or something about euid).

So now you know (I hope) that your system works fine. That's a problem of userspace.
If you have the sources of passwd, try to find out where it wants to read/write or place files
(it's important to also look at where it wants to place them).

I will look in the source which I will find.

P.S. Sorry about my English grammar.

-- 
With best wishes
Nikolay
mail: nikolay@asu.ntu-kpi.kiev.ua
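An added example, not part of the original message or of any FreeBSD source: a static companion to the suidtest run above that reports why the kernel might not honor the set-uid bit on a given binary. It goes one step beyond the message by also checking whether the filesystem is mounted nosuid; the function names and verdict strings are assumptions made for this illustration.

```c
/* suidcheck.c - added example: static checks on a set-uid binary */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/stat.h>
#include <sys/statvfs.h>
#include <sys/types.h>

enum suid_verdict { SUID_OK, SUID_BIT_MISSING, SUID_NOT_EXECUTABLE, SUID_FS_NOSUID };

static const char *verdict_text[] = {
	"set-uid bit present, executable, mount allows set-uid",
	"set-uid bit is not set",
	"set-uid bit set but no execute bit",
	"filesystem is mounted nosuid",
};

/* Pure classification from the file mode and the mount flags (hypothetical helper). */
enum suid_verdict classify_suid(mode_t mode, unsigned long fsflags)
{
	if (!(mode & S_ISUID))
		return SUID_BIT_MISSING;     /* chmod u+s never applied, or cleared */
	if (!(mode & (S_IXUSR | S_IXGRP | S_IXOTH)))
		return SUID_NOT_EXECUTABLE;  /* nobody can execute the file */
	if (fsflags & ST_NOSUID)
		return SUID_FS_NOSUID;       /* kernel ignores set-uid on this mount */
	return SUID_OK;
}

/* Inspect a path: returns a verdict, or -1 if stat()/statvfs() fails. */
int check_suid_path(const char *path, uid_t *owner)
{
	struct stat st;
	struct statvfs vfs;

	if (stat(path, &st) != 0 || statvfs(path, &vfs) != 0)
		return -1;
	if (owner)
		*owner = st.st_uid;          /* euid the process would get if honored */
	return classify_suid(st.st_mode, vfs.f_flag);
}

int main(int argc, char **argv)
{
	const char *path = argc > 1 ? argv[1] : "/usr/bin/passwd";
	uid_t owner = 0;
	int v = check_suid_path(path, &owner);

	if (v < 0) { perror(path); return 2; }
	printf("%s: owner uid %d: %s\n", path, (int)owner, verdict_text[v]);
	return v != SUID_OK;
}
```

A clean verdict here only covers the file mode and mount flags; the suidtest run from the message is still what confirms the effective uid at exec time.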