In Unix, there is a file /etc/shadow that contains the (one-way) encrypted passwords of every user. The user cannot see the contents of the file. This is to defend against password-cracking programs.
To change the password, the user needs to use the command: passwd. The passwd command first asks you for your old password, encrypts your input and compares it against the value in the file /etc/shadow. If it matches, it updates the password file /etc/shadow with the new content.
When you are not allowed to view the /etc/shadow file, how can a program (passwd) do the same when run by you?
This is where the idea of a special permission called setuid comes into the picture. A program file can be given setuid permission such that the program becomes the user who owns the program file instead of the user who is running it.
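To check this on a system you administer, the following added example (not part of the original tutorial) tests the setuid bit with the shell's -u test, reports which user a program file would run as, and lists setuid files in a directory. The function names and the two sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not from the tutorial.

# has_setuid FILE: true if FILE is a regular file with the setuid bit set,
# the bit `ls -l` shows as 's' in the owner's execute position.
has_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# file_owner FILE: print the owner of FILE (third field of `ls -ld`).
file_owner() {
    ls -ld -- "$1" | awk '{ print $3 }'
}

# runs_as FILE: print the user a process becomes when the current user
# executes FILE: the file's owner if setuid is set, otherwise the caller.
# Only permission bits are checked; the kernel also ignores setuid on
# filesystems mounted nosuid and, on Linux, on interpreted scripts.
runs_as() {
    if has_setuid "$1" && [ -x "$1" ]; then
        file_owner "$1"
    else
        u=$(id -un 2>/dev/null) || u=$(id -u)
        echo "$u"
    fi
}

# list_setuid DIR: audit helper, print every setuid regular file under DIR.
list_setuid() {
    find "$1" -type f -perm -4000 -print
}

# Constructed sample: two empty files standing in for program files.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
: > "$demo/plain"; : > "$demo/suid"
chmod 0755 "$demo/plain"
chmod 4755 "$demo/suid"
ls -l "$demo"                      # "suid" shows -rwsr-xr-x
echo "setuid files in sample dir: $(list_setuid "$demo")"

# The real program from the tutorial, if present on this system.
f=/usr/bin/passwd
if [ -e "$f" ]; then
    echo "$f: owner=$(file_owner "$f") runs_as=$(runs_as "$f")"
fi
```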
17 Comments
Can you explain this sentence, it's ambiguous to me.
"A program file can be given setuid permission such that the program becomes the user who owns the program file instead of the user who is running it."

Hi,
It means that when a program file is given setuid permission, it starts acting like the owner of the program file as it is granted a special permission to view the '/etc/shadow' file which only the file owner should have.
On the other hand, the user who is running the file can't view the '/etc/shadow' file as he/she is not the owner of the file and also he/she is not granted any special permission for such a case.

Thanks for the explanation!

It's funny I get to answer before I don't even know
"When you are not allowed to view the /etc/shadow file, how can a program (passwd) do the same when run by you?"
I didn't get this line please explain

Hi,
You cannot see the contents of the file `/etc/shadow`:
[vagdevi4768@cxln5 ~]$ tail /etc/shadow
tail: cannot open ‘/etc/shadow’ for reading: Permission denied
But the command `passwd` is able to change our password. How is this possible?
This is because `passwd` is given a special permission called setuid (you can check this using `ls -l /usr/bin/passwd`, you would notice 's' in the permissions it lists for passwd).
With this permission, whenever we run `passwd` command, it is able to help us change the password which is stored in /etc/shadow file, because passwd has special userid permissions.
Thanks.

Here, is setuid permission given to /etc/shadow or to the program file for the passwd command?

Hi,
As given in the tutorial:
"A program file can be given setuid permission such that the program becomes the user who owns the program file instead of the user who is running it."
Thanks.
-- Rajtilak Bhattacharjee

Let's say I changed my password here using "passwd" command and forget it as Password still remains as the old one in "Lab password" how can I recover it for lab?

Hi Rahul,
We would suggest you not to change your password for the lab else the assessment engine will not be able to detect your solutions. However, if you need to reset your password you can always reach out to us.
Thanks.
-- Rajtilak Bhattacharjee

Is this type of encrypted file used to give access to file for specific set of users as those whose password info is available on the encrypted file?

Hi Nishchal,
These encrypted files contain passwords and other details about the users.
Thanks.

How to make an encrypted file like this /etc/shadow is?

Hi Nishchal,
These files are not created by users, rather they are created by the Unix/Linux OS itself.
Thanks.

Hi Team,
I am unable to understand the correlation between setuid and passwd. As per the above example, "passwd" can change the password of the designated user IF passwd owns "setuid" permission (As per the above explanation), but when I am checking the permission /etc/passwd, I am finding the output as per the attachment:
Even though /etc/passwd doesn't have "s" permission, still it allows to change the user's password. Kindly explain.
Thanks

passwd command is in /usr/bin/passwd location (You can use *which passwd* command to find this.)
/etc/passwd is the text file which maintains the user information. You can check the contents of this file using "tail /etc/passwd".
I hope you understood.