> > On a server that you have shell access, you probably really need to add
> > 'passwd' to the 'suid partition'. You may need some other things,
> > on some of our servers, I have 'ping' as well.
>
> it's not really necessary to have passwd setuid.
> you just can write a passwd server process and the passwd(8)
> just talks to this server via unix domain sockets.

...

Or you can use tcb, which is default in Owl, where the shadowed
password entries are not all in the same file, but rather
in user-specific subdirectories. passwd is sgid to get access
to the tcb dir, and the shadow entry is writable by the user directly,
and only contains that user's entry.

More info at http://www.openwall.com/tcb/

--
Brian Hatch
   Systems and Security Engineer
   http://www.ifokr.org/bri/

"Thou shalt not pray to Zeus for things your usual god would laugh at."

Every message PGP signed
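An added example, not part of the original message or of the tcb project: a Python audit of a tcb-style tree that checks the property described above, that each per-user shadow file holds only that user's entry. The `<root>/<user>/shadow` layout, the mode check and the sample entries are assumptions constructed for illustration.

```python
import os
import stat
import tempfile


def audit_tcb(root):
    """Return (user, problem) findings for a tree laid out as <root>/<user>/shadow."""
    findings = []
    for user in sorted(os.listdir(root)):
        path = os.path.join(root, user, "shadow")
        try:
            st = os.stat(path)
        except OSError:
            findings.append((user, "no readable shadow file"))
            continue
        # A per-user shadow file should never be readable or writable by "other".
        if st.st_mode & (stat.S_IROTH | stat.S_IWOTH):
            findings.append((user, "shadow file accessible to others"))
        # The file must contain exactly one entry, named after its directory.
        with open(path) as fh:
            names = [line.split(":", 1)[0] for line in fh if line.strip()]
        if names != [user]:
            findings.append((user, "entries for: " + ",".join(names)))
    return findings


def build_sample(root):
    """Create a constructed sample tree; '!' is a locked-password placeholder."""
    sample = {
        "alice": (0o640, ["alice:!:19000:0:99999:7:::"]),
        "bob": (0o640, ["bob:!:19000:0:99999:7:::", "root:!:19000:0:99999:7:::"]),
        "carol": (0o644, ["carol:!:19000:0:99999:7:::"]),
    }
    for user, (mode, lines) in sample.items():
        os.makedirs(os.path.join(root, user))
        path = os.path.join(root, user, "shadow")
        with open(path, "w") as fh:
            fh.write("\n".join(lines) + "\n")
        os.chmod(path, mode)


def demo():
    """Audit the constructed sample in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        return audit_tcb(root)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a real system the audit would also compare each file's owner against the account named by its directory, which the sample cannot do without root.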