On Thu, Oct 18, 2007 at 10:53:57AM +0100, Wayne Stallwood wrote:
> On Thu, 2007-10-18 at 08:43 +0100, Chris G wrote:
> > It does say (in some of the places where it suggests it) that one must have an environment where users are trusted. Since my environment is just me, all I need to protect against is my stupidity/fallibility.
>
> I figured that, I just thought it was worth mentioning why this may not be best practice in case somebody else follows this advice.
>
> > In addition, the /etc/shadow file shouldn't be readable to anyone except root and so won't get copied if you copy /etc. I expect there may be other files in /etc that aren't world readable for the same reason.
>
> That doesn't really matter though, does it? There is nothing, as far as I know, stopping you from rewriting the passwd file legacy style with password hashes for known passwords. In fact I think it is probably possible to have a mix of these and passwd entries that reference the shadow file. As to the other read-only stuff, there is probably nothing that would prevent the system working well enough for someone to log in.

In that case what is the point of the shadow file? I suppose it stops simple 'brute force' methods of guessing passwords but, if what you say is true, that would seem to be all.

> Even if the login mechanism forced you to use shadow passwords it would only mean that as soon as you do the mount your version all other logins would fail. In a situation where the sysadmin doesn't have immediate physical access to the box in question this may actually be an advantage to an intruder in some scenarios.

But in this case the intruder wouldn't be root, would they, and they wouldn't be able to become root.

However it's all fairly academic in my situation, though it does mean that the (few) user passwords should be good/secure as the box does have ssh access from the outside world. I have in fact been wondering whether to tie it down even more tightly by restricting ssh access to a few known IP addresses. One of these allowed IP addresses can then be my hosting provider where I have ssh access so, if I want to get into my system from somewhere else, I could log in to my account on my hosting provider and then to my home system.

However, looking at my system logs shows very few attempts to log in using ssh, like a dozen or so a day, and they use only very obvious user IDs.
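The exchange above turns on whether a password hash can end up in the world-readable /etc/passwd instead of /etc/shadow (legacy-style entries, possibly mixed with shadowed ones). The following is an added example, not code from either poster, that audits passwd-format lines for exactly that condition: it flags entries whose second field holds a crypt(3) hash, is empty, or is malformed, while `x`, `*` and `!` are taken as "look in shadow" or "locked". The sample entries and the hash strings in them are constructed for the example, not taken from any real system.

```python
"""Audit /etc/passwd-style entries for password material that should live in /etc/shadow.

Added example for this mailing-list thread; the SAMPLE_PASSWD lines and their
hash values are constructed, not copied from a real system.
"""
import re

# Second-field values that defer to /etc/shadow or mark a locked account.
SHADOW_MARKERS = {"x", "*", "!", "!!"}

# crypt(3) output: traditional DES (13 chars of [./0-9A-Za-z]) or modular "$id$salt$hash".
HASH_RE = re.compile(r"^(\$[0-9a-z]+\$.+|[./0-9A-Za-z]{13})$")


def classify_entry(line):
    """Return (username, status) for one passwd line.

    status is one of: shadowed, hash-in-passwd, empty, malformed, unknown.
    """
    fields = line.rstrip("\n").split(":")
    if len(fields) != 7:
        return (fields[0] if fields else "", "malformed")
    user, pw = fields[0], fields[1]
    if pw == "":
        return (user, "empty")           # no password set at all
    if pw in SHADOW_MARKERS:
        return (user, "shadowed")        # hash (if any) lives in /etc/shadow
    if HASH_RE.match(pw):
        return (user, "hash-in-passwd")  # legacy-style: hash readable by everyone
    return (user, "unknown")


def audit_passwd(text):
    """Classify every non-blank line; return {username: status}."""
    return {
        user: status
        for user, status in (classify_entry(l) for l in text.splitlines() if l.strip())
    }


def findings(text):
    """Usernames whose entry needs attention, sorted for stable reporting."""
    bad = {"hash-in-passwd", "empty", "malformed"}
    return sorted(user for user, status in audit_passwd(text).items() if status in bad)


# Constructed sample: a normal shadowed system plus three problem entries.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
legacy:$6$saltsalt$notarealhashjustconstructedforthisexample:1001:1001::/home/legacy:/bin/bash
olddes:abJnggxhB/yWI:1002:1002::/home/olddes:/bin/sh
nopw::1003:1003::/home/nopw:/bin/sh
"""

if __name__ == "__main__":
    for user, status in audit_passwd(SAMPLE_PASSWD).items():
        print(f"{user:10} {status}")
    print("needs attention:", ", ".join(findings(SAMPLE_PASSWD)))
```

Run it against a real file with `audit_passwd(open("/etc/passwd").read())`; any `hash-in-passwd` result means a hash is exposed to every local user, which is the situation the thread is discussing, and `empty` means an account with no password at all.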