Date: Sat, 2 Aug 2003 11:40:50 -0700 (PDT)
Message-Id: <200308021840.h72IeomY022141@repoman.freebsd.org>
From: Robert Watson
To: Perforce Change Reviews
Subject: PERFORCE change 35404 for review

http://perforce.freebsd.org/chv.cgi?CH=35404

Change 35404 by rwatson@rwatson_paprika on 2003/08/02 11:39:58

Expand on the user account manipulation tools and their use of privilege.

Affected files ...

.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/secarch/chapter.sgml#6 edit

Differences ...

==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/secarch/chapter.sgml#6 (text+ko) ====

@@ -2122,12 +2122,16 @@ User Management Tools A variety of tools exist to monitor and modify the local - user databases. Most monitoring tools may execute - unprivileged, as they read from world-readable files via NSS; - these commands include id, finger, and others. Management - tools must, in general, run with a high level of privilege, as - they manipulate sensitive user account properties which may, - in turn, affect user privileges. + account databases. + Most monitoring tools may execute unprivileged, as they read + from world-readable files via NSS; these commands include id, + finger, and others. + Management tools must, in general, run with a high level of + privilege, as they manipulate sensitive user account properties + which may, in turn, affect user privileges. + In general, account management tools are not setuid or + setgid, and must therefore be invoked as the root user so + that they have sufficient privilege for their operation. adduser: Interactively add a user to the system password database; create and populate the user's home directory. 
@@ -2137,41 +2141,58 @@ rmuser: Interactively remove a user from the system password database; garbage collect the user's home directory, mail file, cron tab, kills any processes owned by the - user, and removes any at(8) jobs. This tool must be run as - root so that adequate privilege is held to modify the - required files and directories, and to kill user - processes. + user, and removes any at(8) jobs. + This tool must be run as root so that adequate privilege is + held to modify the required files and directories, and to kill + user processes. pw: General command-line based user management tool. This tool encapsulates a variety of account management elements, updating the system account databases, including adding users, deleting users, modifying users, showing users, adding groups, deleting groups, modifying groups, - and locking or unlocking accounts. This tool must be run - as root so that adequate privilege is held to modify - the required files and directories. + and locking or unlocking accounts. + This tool must be run as root so that adequate privilege is + held to modify the required files and directories. - vipw: Edit and rebuild the password file. This - tool loads the master (shadow) password file into the + vipw: Edit and rebuild the password file. + This tool loads the master (shadow) password file into the user's default editor; if the file is modified, the - password databases will be rebuilt. This tool must - be run as root so that adequate privilege is held to - modify the required files. + password databases will be rebuilt. + This tool must be run as root so that adequate privilege is + held to modify the required files. - chpass: Edit a user's entry in the password file, rebuild - + chpass: Tool for editing user account settings in the + master password file; loads current account information + into an editor, validates changes, and rebuilds the password + database. 
+ Unprivileged users are permitted only to modify selected + fields of their account information (shell, subject to + shell restrictions, GECOS fields); the root user is + permitted to modify any password file field for the user. + This tool executes setuid root so that it may modify the + password file and rebuild the database, even if executed + as a non-root user. - passwd: Change a user's password - + passwd: Change a user's password. + This tool changes the password of a user using PAM, + which for local UNIX authentication will modify and + rebuild the password database. + Unprivileged users are permitted only to modify their own + password; for UNIX password authentication, the current + password must be provided to set the new password. + With the UNIX password authentication mechanism, the root + user is permitted to change the password of any user + without knowledge of the current password. + This tool executes setuid root so that it may modify the + password file and rebuild the database, even if executed + by a non-root user. - pwd_mkdb: Rebuild password file database - - - Each of these will manipulate user home directories, as well - as the password and group files, create and remove mail files, - cron tables, scrub at jobs, etc. - - XXX requires revision + pwd_mkdb: Rebuild password file database. + This tool regenerates the binary database files from the + password files. + This tool must be run as root so that adequate privilege is + held to modify the required files.
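Review bot: In the hunk at @@ -2122, the sentence added at the end of the introductory paragraph ("In general, account management tools are not setuid or setgid, and must therefore be invoked as the root user") does not mention the exceptions that this same change documents further down, where chpass and passwd are both described as executing setuid root. Suggest naming them in that sentence, for example "With the exception of chpass and passwd, account management tools are not setuid or setgid ...", so a reader of the overview does not conclude that no setuid binaries touch the password database. The sentence also opens with "In general" directly after a sentence that already contains "in general"; dropping one of the two would read better.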
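Review bot: In the hunk at @@ -2137, the new chpass and passwd entries state both that the tool executes setuid root and that unprivileged users may change only selected fields or only their own password, but they do not say where that restriction is enforced. Since the process already holds the privilege to rewrite the password file, the limit has to be applied by the tool itself, and for a security architecture chapter that is the point worth stating. Suggest adding a sentence to each entry saying how the invoking user is identified and that the check happens before the password file is modified. Two smaller wording points in the same entries: chpass ends "even if executed as a non-root user" while passwd ends "even if executed by a non-root user", and the chpass parenthetical "(shell, subject to shell restrictions, GECOS fields)" reads as a three-item list; a semicolon after "restrictions" would make clear that the restriction applies to the shell field only.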