On Thu, Oct 18, 2007 at 11:33:08AM +0100, Chris G wrote:
On Thu, Oct 18, 2007 at 10:53:57AM +0100, Wayne Stallwood wrote:
On Thu, 2007-10-18 at 08:43 +0100, Chris G wrote:
It does say (in some of the places where it suggests it) that one must have an environment where users are trusted. Since my environment is just me all I need to protect against is my stupidity/fallibility.
I figured that; I just thought it was worth mentioning why this may not be best practice in case somebody else follows this advice.
In addition the /etc/shadow file shouldn't be readable to anyone except root and so won't get copied if you copy /etc, I expect there may be other files in /etc that aren't world readable for the same reason.
That doesn't really matter though, does it? There is nothing as far as I know stopping you from rewriting the passwd file legacy style with password hashes for known passwords. In fact I think it is probably possible to have a mix of these and passwd entries that reference the shadow file. As to the other read only stuff, there is probably nothing that would prevent the system working well enough for someone to log in.
In that case what is the point of the shadow file? I suppose it stops simple 'brute force' methods of guessing passwords but, if what you say is true, that would seem to be all.
It stops users from being able to use cracking utilities over the passwords in the passwd file. IIRC you can't actually mix shadow with a passwd file containing passwords.
It can be set with very minimum permissions because the only thing that should be able to read it is pam or a root user.
(But, yes, if there isn't a shadow file, and the password file includes passwords, that's all that's needed).
Even if the login mechanism forced you to use shadow passwords it would only mean that as soon as you do the mount your version all other logins would fail. In a situation where the sysadmin doesn't have immediate physical access to the box in question this may actually be an advantage to an intruder in some scenarios.
But in this case the intruder wouldn't be root would they, and they wouldn't be able to become root.
They'd mount /etc from CIFS with a blank or known root password in the /etc/password file, then they could become root, swivel things about a bit, and do anything they please.
Anyways... I'm hungry so off to get lunch :)
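
An added example, not part of the original message: a Python audit for the conditions discussed in this thread, namely blank or inline password hashes in a passwd file, a world-accessible shadow file mode, and a network filesystem mounted over /etc. The sample data and the function names `audit_passwd`, `shadow_world_accessible` and `network_mounts_over_etc` are constructed for illustration.

```python
NETWORK_FS = {"cifs", "smbfs", "smb3", "nfs", "nfs4"}

def audit_passwd(text):
    """Return (user, finding) pairs for passwd(5)-format text."""
    findings = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((fields[0], "malformed entry"))
            continue
        user, pw, uid = fields[0], fields[1], fields[2]
        if pw == "":
            findings.append((user, "blank password field"))
        elif pw != "x" and not pw.startswith(("*", "!")):
            # passwd(5): any other string is treated as the hash itself
            findings.append((user, "hash stored in passwd, not shadow"))
        if uid == "0" and user != "root":
            findings.append((user, "extra uid 0 account"))
    return findings

def shadow_world_accessible(mode):
    """True if the 'other' permission bits of the shadow file are set."""
    return bool(mode & 0o007)

def network_mounts_over_etc(mounts_text):
    """Return (mountpoint, fstype) for network mounts at or below /etc."""
    hits = []
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        mountpoint, fstype = parts[1], parts[2]
        under_etc = mountpoint == "/etc" or mountpoint.startswith("/etc/")
        if under_etc and fstype in NETWORK_FS:
            hits.append((mountpoint, fstype))
    return hits

# Constructed sample input (not taken from any real system).
SAMPLE_PASSWD = """root::0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:$6$CONSTRUCTED$notarealhash:1000:1000::/home/alice:/bin/bash
toor:x:0:0::/root:/bin/sh
"""
SAMPLE_MOUNTS = "/dev/sda1 / ext4 rw 0 0\n//fileserver/etc /etc cifs rw 0 0\n"

if __name__ == "__main__":
    print(audit_passwd(SAMPLE_PASSWD))
    print(shadow_world_accessible(0o644), network_mounts_over_etc(SAMPLE_MOUNTS))
```

On a live host the same functions can be fed the contents of /etc/passwd and /proc/mounts and the `st_mode` of /etc/shadow from `os.stat`.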