Date: Tue, 13 Oct 1998 16:52:36 +0100
From: Ben Smithurst <ben@scientia.demon.co.uk>
To: Evren Yurtesen <yurtesen@ispro.net.tr>
Cc: Doug White <dwhite@resnet.uoregon.edu>, freebsd-questions@FreeBSD.ORG
Subject: Re: pwd.db?
Message-ID: <19981013165236.A945@scientia.demon.co.uk>
In-Reply-To: <Pine.BSF.3.96.981013075056.21967A-100000@finland.ispro.net.tr>
References: <Pine.BSF.4.03.9810121349160.25080-100000@resnet.uoregon.edu> <Pine.BSF.3.96.981013075056.21967A-100000@finland.ispro.net.tr>

Evren Yurtesen wrote:
> ok then, but would it not be more secure if you had made the
> password files readable only by the wheel group?
I don't see why; neither master.passwd nor passwd, nor the .db files they
are converted to, contain passwords in plain text. I certainly can't see
a security risk with having /etc/{passwd,pwd.db} world readable.
> for example I would not want somebody to get my passwd file and
> put it on the web to show all usernames on my system and the real names
> corresponding to those login names (also I guess nobody would like
> that idea) or somebody may send email to all my users from that passwd
> file, is it not?
Make sure your users are not so clueless then, and if they do such a
thing, rmuser(8) is your friend :-)
> but those files are readable by the public, which means that anyone
> who has an account on my system can access them, why is that?
Why not? There are other ways to find out valid usernames.
$ cd /home
$ ls
may work (depending on where your home directories are). True, you could
`chmod o-r /home' but I really can't see the point.
$ cd /var/mail
$ ls
to see who has a mailbox, which most users will have even if it's empty.
(see above if you really want to make it tight `chmod o-r /var/mail')
-- 
Ben Smithurst                                          ben@scientia.demon.co.uk
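
The permission split discussed in the message above can be checked mechanically. The script below is an added example, not part of the original e-mail: it assumes the stock FreeBSD layout, where the password hashes live in /etc/master.passwd and /etc/spwd.db (the latter file is not named in the thread), and the function names and the optional root-prefix argument are hypothetical.

```sh
#!/bin/sh
# Added example: audit who can read the password databases and the
# directories whose listing reveals login names.

# Print "r" if "other" may read $1, "-" if not, "?" if the path is missing.
other_read() {
    [ -e "$1" ] || { echo "?"; return; }
    ls -ld "$1" | cut -c8          # 8th column of the mode string = other-read
}

# audit_pw ROOT: one OK/FAIL/INFO line per path; returns 1 if any FAIL.
# ROOT is a prefix so the check can run against a copied tree ("" = live system).
audit_pw() {
    root=${1:-}
    rc=0
    # Public halves: no hashes, read by unprivileged getpwnam(3) lookups.
    for f in /etc/passwd /etc/pwd.db; do
        case $(other_read "$root$f") in
            r) echo "OK   $f world-readable (no hashes stored here)" ;;
            -) echo "FAIL $f not world-readable; unprivileged lookups break"; rc=1 ;;
            *) echo "INFO $f missing" ;;
        esac
    done
    # Private halves: hold the password hashes, must be closed to others.
    for f in /etc/master.passwd /etc/spwd.db; do
        case $(other_read "$root$f") in
            r) echo "FAIL $f world-readable; password hashes exposed"; rc=1 ;;
            -) echo "OK   $f closed to others" ;;
            *) echo "INFO $f missing" ;;
        esac
    done
    # Directory listings that show usernames, as the ls examples above do.
    for d in /home /var/mail; do
        case $(other_read "$root$d") in
            r) echo "INFO $d listable by others (usernames visible via ls)" ;;
            -) echo "INFO $d not listable by others" ;;
            *) echo "INFO $d missing" ;;
        esac
    done
    return $rc
}
```

Call `audit_pw ""` to check the running system, or pass the mount point of a copied tree.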
