Re: Groups running wild

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 22Sep2008 09:22, kwhiskerz <kwhiskerz@xxxxxxxxx> wrote:
| I have noticed differences in /etc/groups lately.
| Older files had the form group:*:
| Newer files have the form group :x:
| On my laptop yesterday, a groups.rpmnew was created with the form group::
| I read the manual and it suggests that the latter form means no password.
| What does all of this mean? What effect does the * or x have? If it is blank, 
| what does it mean for a group to have no password? No password for login? Why 
| would such a file be generated upon yum update for my laptop?

It looks like the same change that happened to passwd when shadow
passwords were introduced. Originally passwords had their hashes in the
passwd file; the hashes are one way and expensive to reverse, but not
strong enough by modern standards. A user with no password had a "*" in
the crypt field of the passwd file.

Because UNIX crypts can be brute forced these days, and on general
principles (passwords, and by extension their hashes, are secrets)
the hashes got moved into /etc/shadow, which is not publicly readable
and hods the hashes and some other information (expiry times etc).

And to signify that the hash was _not_ inline in the passwd, and passwd
entry with a hash in /etc/shadow has an "x" in the crypt field.

It looks like they have gone for the same scheme with groups.

Regarding your question about group password, there is a command called
"newgrp" for having a process obtain membership in a particular group.
See "man newgrp".

Cheers,
-- 
Cameron Simpson <cs@xxxxxxxxxx> DoD#743
http://www.cskk.ezoshosting.com/cs/

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux