Date: Fri, 10 Mar 2000 01:16:39 -0500 (EST) From: Mike Heffner <mheffner@mailandnews.com> To: Paul Richards <paul@originative.co.uk> Cc: current@freebsd.org Subject: RE: The pw command Message-ID: <XFMail.20000310011639.mheffner@mailandnews.com> In-Reply-To: <38C85A1D.F7A21141@originative.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On 10-Mar-2000 Paul Richards wrote: | Non-root users can use the pw command to get information from the | master.passwd file e.g. | | ps showuser paul | paul:*:1000:1000::0:0:& Richards:/home/paul:/usr/local/bin/bash | | which shows the class, password expiry and account expiry. I'm not sure | whether that's information that should be kept secure but it does seem | like 'pw' is the only command that makes it available. The 'chsh' | command doesn't show this information except when run as root for | instance. | pw(8) uses getpwuid(3) to retrieve a password entry from the world readable /etc/pwd.db. It doesn't open master.passwd, (well at least when run as a non-superuser). IMO, that information is not something that needs to be secured. /**************************************** * Mike Heffner <spock@techfour.net> * * Fredericksburg, VA -- ICQ# 882073 * * Sent at: 10-Mar-2000 -- 00:58:18 EST * * http://my.ispchannel.com/~mheffner * ****************************************/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.20000310011639.mheffner>