The passwd command does not have any permission to read the shadow file. Why can normal users log on normally?

Source: Internet
Author: User

The passwd command does not have any permission to read the shadow file. Why can common users log on normally? We can see that the password file does not have any permission. users need to read the password file during logon, if it is correct, how can it be verified? [Plain] [root @ serv01 learning] # ls/etc/shadow-l ----------. 1 root 1155 Sep 20/etc/shadow because the file has the s attribute. S: s is a command that has no significance to common files or directories. It is a privileged bit, the command has the root permission for instant execution [plain] [root @ serv01 learning] # ls/etc/shadow-l ----------. 1 root 1155 Sep 20/etc/shadow [root @ serv01 learning] # which passwd/usr/bin/passwd [root @ serv01 learning] # ls-l/usr/bin /passwd-rwsr-xr-x. 1 root 25336 Jan 29 2010/usr/bin/passwd demonstrate modifying vim permissions, you can open any file and modify the file [plain] [root @ serv01 learning] # which vim/usr/bin/vim [root @ serv01 learning] # ls-l/usr/bin anywhere. /vim-rwxr-xr-x. 1 root 1933032 Feb 15 2011/usr/bin/vim [root @ serv01 learning] # chmod u + s/usr/bin/vim [root @ serv01 learning] # ls-l /usr/bin/vim-rwsr-xr-x. 1 root 1933032 Feb 15 2011/usr/bin/vim Step 1 create a file in the current directory [plain] [zhink @ serv01 bbbb] $ vim file Step 2 view the file information [plain] [zhink @ serv01 bbbb] $ ls-l file-rw-r --. 1 root zhink 6 Sep 20 23: 17 file step 3 create a file in the root directory of the root, you can see that the root [plain] [zhink @ serv01 bbbb] $ vim/root/test.txt permission is granted to test.txt in step 4, the file owner is root [plain] [root @ serv01 learning] # ls/root/test.txt-l-rw-r --. 1 root zhink 12 Sep 20/root/test.txt [root @ serv01 learning] # cat bbbb/file hello [root @ serv01 learning] # cat/root/test.txt hello, in step 5 of world, you can also edit the shadow file [plain] [zhink @ serv01 bbbb] $ vim/etc/shadow # For system security, restore the vim command permission [root @ serv01 learning] # chmod u-s/usr/bin/vim [root @ serv01 learning] # ls/usr/bin/vim-l-rwxr -xr-x. 1 root 1933032 Feb 15 2011/usr/bin/vim step 6 restore vim attributes and view the password file again, [plain] [zhink @ serv01 bbbb] $ vim/etc/shadow experiment after Step 7g + s [plain] # directory inherited by s, file inheritance w [root @ serv01 learning] # chmod g + s cccc/[root @ serv01 learning] # cd cccc/[root @ serv01 cccc] # chmod g + w .. /cccc/[root @ serv01 cccc] # mkdir oooo [zhink @ serv01 cccc] $ ll total 8 drwxrwsr-x. 2 zhink root 4096 Sep 20 23: 29 ffff-rw-r --. 1 zhink root 0 Sep 20 23: 30 file drwxr-sr-x. 2 root 4096 Sep 20 23: 26 oooo

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.