Kris Kennaway wrote:
>
> On Fri, 10 Mar 2000, Paul Richards wrote:
>
> > Non-root users can use the pw command to get information from the
> > master.passwd file e.g.
> >
> > ps showuser paul
> > paul:*:1000:1000::0:0:& Richards:/home/paul:/usr/local/bin/bash
>
> % pw showuser kkenn
>
> kkenn:*:1000:0::0:0:Kris Kennaway:/home/kkenn:/usr/local/bin/tcsh
>
> % grep kkenn /etc/passwd
>
> kkenn:*:1000:0::0:0:Kris Kennaway:/home/kkenn:/usr/local/bin/tcsh
>
> % ls -l /usr/bin/pw
> -r-xr-xr-x 1 root wheel 53180 Mar 4 00:49 /usr/sbin/pw*
>
> In other words, pw(8) runs with no special privileges and can only read
> what the user can normally read.
Ok, as Mike mentioned in his email pw gets its info from pwd.db, I knew
that. What I had assumed was that pwd.db was the same as the contents of
/etc/passwd. I spent most of last night trying to work out how a
non-root user was getting access to master.passwd based on that flawed
assumption :-)
My /etc/passwd does not have the class and expiry fields in it. I've
deleted it and let it be recreated and it still doesn't have those
fields. I've browsed through the code in pwd_mkdb and it looks to me
like it deliberately creates the old style /etc/passwd file, which makes
sense from a comatibility perspective.
So what I'm puzzled about now is how come yours is different and do we
think its correct that pwd.db and /etc/passwd have different information
in them?
Paul.
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
