Non root user change password in LINUX

Pasindu Nonis

How can a non-root user change his own password when he does not have write permission to /etc/shadow?

And please explain how passwd is able to write to the /etc/shadow file.
 


JasKinasis

If memory serves, this has something to do with the setuid and setgid flags. If you run the command:
Code:
ls -alh $(which passwd)
You should see something like this in the permissions part of the listing for the passwd executable:
Code:
-rwsr-xr-x

The s in the 4th position indicates that the setuid flag is set. This allows any user to run the executable as the file's owner (root) without having to actually be root (and with no need to use sudo either).

Because of this - the passwd program is able to write an ordinary, unprivileged user's new password to /etc/shadow.

I do know that unprivileged users can only change the password for their own account. So there must be some code in passwd that checks who is running the program.
If the user running the program is an ordinary user, it only allows the user to change their own password. But if the user who started the process is root (by either running directly as root, or via sudo) - then it will allow you to change the password for ANY account.

So as far as I know, it's the setuid flag that allows /etc/shadow to be written to when running passwd as an ordinary user.

There is another flag similar to setuid called setgid. When set, that will allow a program to run as whatever group is assigned to the program.
I'm not sure, but this flag might also be set too!
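
The two ideas in the answer above, as an added example that is not part of the thread and is not passwd's own source: it decodes the setuid/setgid bits the way ls shows them, and sketches the "own account only unless root" rule using the real UID. The names perm_string and may_change_password are hypothetical, and /usr/bin/passwd is an assumed default path.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Render the nine permission characters the way ls does, including s/S.
   (ls prints one extra leading character for the file type.) */
void perm_string(mode_t m, char out[10])
{
    const char rwx[] = "rwxrwxrwx";
    for (int i = 0; i < 9; i++)
        out[i] = (m & (0400 >> i)) ? rwx[i] : '-';
    /* 's' = special bit plus execute bit, 'S' = special bit without execute */
    if (m & S_ISUID) out[2] = (m & S_IXUSR) ? 's' : 'S';
    if (m & S_ISGID) out[5] = (m & S_IXGRP) ? 's' : 'S';
    out[9] = '\0';
}

/* Simplified sketch of the rule described in the answer: root may change
   any account, everyone else only their own. The decision must use the
   REAL uid (who started the process); the effective uid is root for
   every caller of a setuid-root binary and so cannot tell callers apart. */
int may_change_password(uid_t real_uid, uid_t target_uid)
{
    return real_uid == 0 || real_uid == target_uid;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/usr/bin/passwd"; /* assumed path */
    struct stat st;
    char perms[10];

    if (stat(path, &st) != 0) { perror(path); return 1; }
    perm_string(st.st_mode, perms);
    printf("%s: %s owner uid=%ld setuid=%s setgid=%s\n", path, perms,
           (long)st.st_uid,
           (st.st_mode & S_ISUID) ? "yes" : "no",
           (st.st_mode & S_ISGID) ? "yes" : "no");
    /* Run from an ordinary, non-setuid binary these two values are equal. */
    printf("real uid=%ld effective uid=%ld\n", (long)getuid(), (long)geteuid());
    printf("may change own password: %d, uid 0's password: %d\n",
           may_change_password(getuid(), getuid()),
           may_change_password(getuid(), 0));
    return 0;
}
```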
 