Why do programs like su have access to /etc/shadow?

Normally only root can access /etc/shadow. But programs like su and sudo can check passwords without running as root. So the question is: why can these programs access /etc/shadow without privileges? I tried to access it without privileges via Python with the spwd module, but I didn't get access (as expected). Which mechanism do these programs use?

Tags: permissions, root, shadow
Best Answer
Because programs like su and passwd have SetUID set. You can check by using : when you look at the file permissions you will see an "s". If anybody tries to run the passwd program, by default it takes the privilege of the owner (root here) of the file. This means any user can get root privilege to execute the passwd program, because only the root user can edit or update the /etc/passwd and /etc/shadow files. Other users can't. When a normal user runs the passwd program on his terminal, the passwd program is run as "root", because the effective UID is set to "root". So the normal user can easily update the file.

You can use the chmod command with the u+s or g+s arguments to set the setuid and setgid bits on an executable file, respectively.

Long Answer: Set-User-Id (SUID): Power for a Moment

By default, when a user executes a file, the process which results from this execution has the same permissions as those of the user. In fact, the process inherits his default group and user identification.

If you set the SUID attribute on an executable file, the process resulting from its execution doesn't use the user's identification but the user identification of the file owner.

The SUID mechanism, invented by Dennis Ritchie, is a potential security hazard. It lets a user acquire hidden powers by running such a file owned by root.

The listing shows that passwd is readable by all, but shadow is unreadable by group and others. When a user running the program belongs to one of these two categories (probably others), access fails in the read test on shadow. Suppose a normal user wants to change his password. How can he do that? He can do that by running /usr/bin/passwd. Many UNIX/Linux programs have a special permission mode that lets users update sensitive system files, like /etc/shadow, something they can't do directly with an editor. This is true of the passwd program.

The s letter in the user category of the permission field represents a special mode known as the set-user-id (SUID). This mode lets a process have the privileges of the owner of the file for the duration of the program. Thus when a non-privileged user executes passwd, the effective UID of the process is not the user's but root's, the owner of the program. This SUID privilege is then used by passwd to edit /etc/shadow.
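As an added illustration (not part of the answer above), the following Python models the two rules the answer combines: a setuid executable runs with its owner's UID, and the read check on /etc/shadow is made against the effective UID. The modes, UIDs and GID below are constructed, typical Linux values, not read from any real system; describe() inspects a real path if you have one.

```python
"""Model of the setuid rule from the answer above. Sample modes/ids are constructed."""
import os
import stat

def effective_uid_after_exec(binary_mode: int, binary_uid: int, caller_uid: int) -> int:
    """Effective UID a process gets when caller_uid executes the file.
    With the set-user-id bit on an executable, the process takes the owner's UID.
    (Simplified: ignores nosuid mounts, no_new_privs and capabilities.)"""
    executable = bool(binary_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    if executable and (binary_mode & stat.S_ISUID):
        return binary_uid
    return caller_uid

def can_read(file_mode: int, file_uid: int, file_gid: int, euid: int, egids) -> bool:
    """Classic Unix read check (no ACLs): root always passes; otherwise exactly one
    class (owner, group, other) is tested, chosen by the *effective* ids."""
    if euid == 0:
        return True
    if euid == file_uid:
        return bool(file_mode & stat.S_IRUSR)
    if file_gid in egids:
        return bool(file_mode & stat.S_IRGRP)
    return bool(file_mode & stat.S_IROTH)

# Constructed sample: passwd is -rwsr-xr-x owned by root (uid 0),
# shadow is -rw-r----- owned by root with group 'shadow' (gid 42 assumed).
PASSWD_MODE, PASSWD_UID = stat.S_IFREG | 0o4755, 0
SHADOW_MODE, SHADOW_UID, SHADOW_GID = stat.S_IFREG | 0o640, 0, 42

def shadow_access(caller_uid: int, caller_gids=(), via_passwd: bool = False) -> bool:
    """Can this caller read the sample shadow file, directly or through setuid passwd?"""
    euid = caller_uid
    if via_passwd:
        euid = effective_uid_after_exec(PASSWD_MODE, PASSWD_UID, caller_uid)
    return can_read(SHADOW_MODE, SHADOW_UID, SHADOW_GID, euid, caller_gids)

def ls_mode(mode: int) -> str:
    """Render st_mode as ls -l does; the 's' in the owner field is the setuid marker."""
    return stat.filemode(mode)

def describe(path: str) -> dict:
    """Inspect a real file: mode string, owner and whether the setuid bit is set."""
    st = os.stat(path)  # stat needs no read permission on the file itself
    return {"mode": ls_mode(st.st_mode), "owner_uid": st.st_uid,
            "setuid": bool(st.st_mode & stat.S_ISUID)}

if __name__ == "__main__":
    print("uid 1000 reads shadow directly:", shadow_access(1000, (1000,)))
    print("uid 1000 reads shadow via passwd:", shadow_access(1000, (1000,), True))
    for p in ("/usr/bin/passwd", "/etc/shadow"):
        if os.path.exists(p):
            print(p, describe(p))
```

Auditing for unexpected setuid-root binaries (the "security hazard" the answer mentions) is the defensive counterpart: running describe() over the system's executables and flagging those with setuid True and owner_uid 0 that you did not expect.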