From owner-freebsd-current Thu Mar 9 22:16:13 2000 Delivered-To: freebsd-current@freebsd.org Received: from MailAndNews.com (MailAndNews.com [199.29.68.160]) by hub.freebsd.org (Postfix) with ESMTP id 0309837B569 for ; Thu, 9 Mar 2000 22:16:11 -0800 (PST) (envelope-from mheffner@mailandnews.com) Received: from muriel.penguinpowered.com [208.138.199.76] (mheffner@mailandnews.com); Fri, 10 Mar 2000 01:16:05 -0500 X-WM-Posted-At: MailAndNews.com; Fri, 10 Mar 00 01:16:05 -0500 Content-Length: 1030 Message-ID: X-Mailer: XFMail 1.4.4 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <38C85A1D.F7A21141@originative.co.uk> Date: Fri, 10 Mar 2000 01:16:39 -0500 (EST) Reply-To: Mike Heffner From: Mike Heffner To: Paul Richards Subject: RE: The pw command Cc: current@freebsd.org Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On 10-Mar-2000 Paul Richards wrote: | Non-root users can use the pw command to get information from the | master.passwd file e.g. | | ps showuser paul | paul:*:1000:1000::0:0:& Richards:/home/paul:/usr/local/bin/bash | | which shows the class, password expiry and account expiry. I'm not sure | whether that's information that should be kept secure but it does seem | like 'pw' is the only command that makes it available. The 'chsh' | command doesn't show this information except when run as root for | instance. | pw(8) uses getpwuid(3) to retrieve a password entry from the world readable /etc/pwd.db. It doesn't open master.passwd, (well at least when run as a non-superuser). IMO, that information is not something that needs to be secured. /**************************************** * Mike Heffner * * Fredericksburg, VA -- ICQ# 882073 * * Sent at: 10-Mar-2000 -- 00:58:18 EST * * http://my.ispchannel.com/~mheffner * ****************************************/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message