The password file

The password file

Post by Shaw T T » Wed, 17 Feb 1993 18:36:09



I am not a Unix admin.  I am just a student.  In our class discussion, we
ran into the question why the password file is publicly available. I know it
is not in directly readable form, but if we care for security reasons, why
doesn't the administration make the file unavailable for casual users in the
first place?

Thanks!!!

Shaw


The password file

Post by Michael Gl » Wed, 17 Feb 1993 20:42:39



>I am not a Unix admin.  I am just a student.  In our class discussion, we
>ran into the question why the password file is publicly available. I know it
>is not in directly readable form, but if we care for security reasons, why
>doesn't the administration make the file unavailable for casual users in the
>first place?

It is publicly available so that the guys wearing white hats (login programs,
daemons, your homebrew database system etc.) can easily validate passwords.

At the time when it was designed the guys wearing black hats were not believed
to have many chances:

  With this modification it is likely that the bad guy can spend days
  of computer time trying to find a password on a system with hundreds of
  passwords, and find none at all.

(From the Morris article on UNIX password security; can't remember the
exact title etc).

Various shadow password systems hide the password info and provide
another interface for verifying passwords.

        -- Michael


The password file

Post by Barry Margol » Wed, 17 Feb 1993 23:28:21



>I am not a Unix admin.  I am just a student.  In our class discussion, we
>ran into the question why the password file is publicly available.

At the time Unix was being implemented, people felt that the encryption was
good enough to prevent people from discovering passwords.  Administration
was simplified if all information about a user was in one file instead of
two, so the encrypted password was put in the same file as the full name,
home directory, shell, etc.  Since there's no need to protect the latter
information, and the encryption was thought to be good enough protection
for the password, the file is publicly readable.

>I know it
>is not in directly readable form, but if we care for security reasons, why
>doesn't the administration make the file unavailable for casual users in the
>first place?

Many versions of Unix now provide a way to put the encrypted passwords in a
non-public file.
--
Barry Margolin
System Manager, Thinking Machines Corp.



The password file

Post by Shaw T T » Thu, 18 Feb 1993 21:18:06


In my previous post, I asked

>I am not a Unix admin.  I am just a student.  In our class discussion, we
>ran into the question why the password file is publicly available. I know it
>is not in directly readable form, but if we care for security reasons, why
>doesn't the administration make the file unavailable for casual users in the
>first place?

I would like to thank those who answered my question on the net and also
those who sent me email regarding the subject.

I have learned that the file contains other things that are needed by other
programs, and also some of the historic reasons why the encrypted password is
mixed together with other things in the same file.  And last but not least,
that there are now ways to keep the actual password data out of the reach of
casual users.

Thanks again.

Shaw


The password file

Post by Gary Hest » Fri, 19 Feb 1993 23:54:28



>I am not a Unix admin.  I am just a student.  In our class discussion, we
>ran into the question why the password file is publicly available. I know it
>is not in directly readable form, but if we care for security reasons, why
>doesn't the administration make the file unavailable for casual users in the
>first place?

Because a great deal of software (mail, news, even mundane things like cd)
has to have access to various fields in the passwd entries (UID, GID,
GCOS field), and it's less of a security problem to have passwd readable
than to try and run all the other software as setuid root.

With modern Unixen, the shadow password file improves security a great deal
while not breaking the large pool of existing code.

--

The Chairman of the Board and the CFO speak for SCI. I'm neither.
Remember: A majority of the American people voted against *all* of the
Presidential Candidates. How encouraging....
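The point made across the replies above (programs need the UID, GID, GECOS, home and shell fields of a world-readable passwd file, while the hash belongs in a separately protected shadow file) can be made concrete with a small audit script. This is an added example, not code from any poster or from any Unix vendor; the file contents are constructed samples in the classic colon-separated formats, and the hash strings in them are made-up placeholders, not real hashes.

```python
"""Parse passwd- and shadow-style files, do the kind of lookups ordinary
programs need, and audit whether any hash is still sitting in the
world-readable passwd file.  All sample data below is constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed passwd sample.  "x" means "look in the shadow file", "*" marks
# an account that cannot log in.  The "legacy" line deliberately still carries
# a (made-up) hash in the second field so the audit has something to flag.
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/sh
shaw:x:1001:1001:Shaw T T,Room 12:/home/shaw:/bin/sh
legacy:$1$abcdefgh$0123456789ABCDEFGHIJK.:1002:1002:Legacy Account:/home/legacy:/bin/sh
news:*:9:13:news:/var/spool/news:/usr/sbin/nologin
"""

# Constructed shadow sample: name, hash, then the ageing fields (9 fields).
SHADOW_SAMPLE = """\
root:$6$saltsalt$constructedhashvalue0000000000000000000:19400:0:99999:7:::
shaw:$6$saltsalt$constructedhashvalue1111111111111111111:19400:0:99999:7:::
news:*:19400:0:99999:7:::
"""

# Second-field values that are placeholders or lock markers rather than hashes.
NON_HASH_MARKERS = {"x", "*", "!", "!!", ""}


@dataclass
class PasswdEntry:
    name: str
    passwd: str   # "x" on a shadowed system; a hash only on old-style systems
    uid: int
    gid: int
    gecos: str    # full name, office etc. (the "GCOS field" Gary mentions)
    home: str
    shell: str


def parse_passwd(text: str) -> List[PasswdEntry]:
    """Parse the 7-field passwd format; raise on malformed lines."""
    entries: List[PasswdEntry] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"passwd line {lineno}: expected 7 fields, got {len(fields)}")
        name, pw, uid, gid, gecos, home, shell = fields
        entries.append(PasswdEntry(name, pw, int(uid), int(gid), gecos, home, shell))
    return entries


def parse_shadow(text: str) -> Dict[str, str]:
    """Map login name -> hash field from the 9-field shadow format."""
    hashes: Dict[str, str] = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 9:
            raise ValueError(f"shadow line {lineno}: expected 9 fields, got {len(fields)}")
        hashes[fields[0]] = fields[1]
    return hashes


def lookup_uid(entries: List[PasswdEntry], uid: int) -> Optional[PasswdEntry]:
    """The getpwuid(3)-style lookup that ls, mail, cd etc. rely on.
    Note it needs nothing from the shadow file, which is why the split works."""
    return next((e for e in entries if e.uid == uid), None)


def hashes_in_passwd(entries: List[PasswdEntry]) -> List[str]:
    """Audit: accounts whose world-readable passwd entry still carries a hash."""
    return [e.name for e in entries if e.passwd not in NON_HASH_MARKERS]


def shadow_consistency(entries: List[PasswdEntry], shadow: Dict[str, str]) -> List[str]:
    """Audit: accounts that defer to the shadow file ("x") but have no entry there."""
    return [e.name for e in entries if e.passwd == "x" and e.name not in shadow]


if __name__ == "__main__":
    users = parse_passwd(PASSWD_SAMPLE)
    shadow = parse_shadow(SHADOW_SAMPLE)
    print("uid 1001 is", lookup_uid(users, 1001).name)
    print("hashes leaked into passwd:", hashes_in_passwd(users))
    print("shadowed accounts missing from shadow:", shadow_consistency(users, shadow))
```

Run it as-is on the embedded samples, or point the two parsers at real files by reading them into the same functions; only the shadow file needs root to read, which is exactly the separation the thread describes. The two audit functions are what an administrator migrating an old-style system would run to confirm that no hash remains in the public file and that every shadowed account is actually resolvable.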