Re: [FIXED] Re: [BUG?] RE: chmod 444 /etc/shadow

Joe Lewis <joe@xxxxxxxxx> · Tue, 20 May 2003 12:43:51 -0600

An '*' password is a "shadowed" password.  What an odd twist - to get 
permissions for the group "shadow" one has to view the "shadow" file.

ahoward wrote:

On Tue, 20 May 2003, ahoward wrote:

if one changes the entry in /etc/group from

 shadow:x:4002:root,postgres

to

 shadow:*:4002:root,postgres

it all works.  i have no idea what, or what a '*' password means, but this
seems like the ticket.

-a

wtf?

anyone got ideas?

-a

Hattie Rouge

-----Original Message-----
From: pam-list-admin@xxxxxxxxxx
[mailto:pam-list-admin@xxxxxxxxxx] On Behalf Of ahoward
Sent: Tuesday, May 20, 2003 10:20 AM
To: pam-list@xxxxxxxxxx
Subject: RE: chmod 444 /etc/shadow

On Mon, 19 May 2003, Hattie Rouge wrote:

Have you run strace to see what it is doing when it reports

the error?

yes - wasn't alot of help:

waiting for a connection...
one came in, sent pasword prompt...

 --- SIGSTOP (Stopped (signal)) ---
 ) = 1 (in [3], left {251, 760000})
 rt_sigprocmask(SIG_SETMASK, ~[ILL TRAP ABRT BUS FPE SEGV
CONT SYS], NULL, 8) = 0
 accept(3, {sin_family=AF_INET, sin_port=htons(53949),
sin_addr=inet_addr("137.75.132.144")}}, [16]) = 8
 getsockname(8, {sin_family=AF_INET, sin_port=htons(5432),
sin_addr=inet_addr("137.75.129.65")}}, [16]) = 0
 setsockopt(8, SOL_TCP, TCP_NODELAY, [1], 4) = 0
 setsockopt(8, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
 fork()                                  = 11197
 close(8)                                = 0
 time(NULL)                              = 1053450868
 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
 select(5, [3 4], [], NULL, {246, 0})    = ? ERESTARTNOHAND
(To be restarted)
 --- SIGCHLD (Child exited) ---

this after password has been sent, strange that it doesn't
seem to do much?

 rt_sigprocmask(SIG_SETMASK, ~[ILL TRAP ABRT BUS FPE SEGV
CONT SYS], NULL, 8) = 0
 wait4(-1, [WIFEXITED(s) && WEXITSTATUS(s) == 0], WNOHANG,
NULL) = 11197
 send(5,
"\2\0\0\0\30\0\0\0\0\0\0\0\275+\0\0\0\0\0\0\0\0\0\0", 24, 0) = 24
 wait4(-1, 0xbffff06c, WNOHANG, NULL)    = 0
 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
 sigreturn()                             = ? (mask now [])
 rt_sigprocmask(SIG_SETMASK, ~[ILL TRAP ABRT BUS FPE SEGV
CONT SYS], NULL, 8) = 0
 time(NULL)                              = 1053450868
 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
 select(5, [3 4], [], NULL, {246, 0})    = 1 (in [3], left
{233, 800000})
 rt_sigprocmask(SIG_SETMASK, ~[ILL TRAP ABRT BUS FPE SEGV
CONT SYS], NULL, 8) = 0
 accept(3, {sin_family=AF_INET, sin_port=htons(53950),
sin_addr=inet_addr("137.75.132.144")}}, [16]) = 8
 getsockname(8, {sin_family=AF_INET, sin_port=htons(5432),
sin_addr=inet_addr("137.75.129.65")}}, [16]) = 0
 setsockopt(8, SOL_TCP, TCP_NODELAY, [1], 4) = 0
 setsockopt(8, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
 fork()                                  = 11198
 close(8)                                = 0
 time(NULL)                              = 1053450880
 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
 select(5, [3 4], [], NULL, {234, 0})    = ? ERESTARTNOHAND
(To be restarted)
 --- SIGCHLD (Child exited) ---

waiting for another connection...

 rt_sigprocmask(SIG_SETMASK, ~[ILL TRAP ABRT BUS FPE SEGV
CONT SYS], NULL, 8) = 0
 wait4(-1, [WIFEXITED(s) && WEXITSTATUS(s) == 0], WNOHANG,
NULL) = 11198
 send(5,
"\2\0\0\0\30\0\0\0\0\0\0\0\276+\0\0\0\0\0\0\0\0\0\0", 24, 0) = 24
 wait4(-1, 0xbffff06c, WNOHANG, NULL)    = 0
 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
 sigreturn()                             = ? (mask now [])
 rt_sigprocmask(SIG_SETMASK, ~[ILL TRAP ABRT BUS FPE SEGV
CONT SYS], NULL, 8) = 0
 time(NULL)                              = 1053450883
 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
 select(5, [3 4], [], NULL, {231, 0}

-a

--
 ====================================
 | Ara Howard
 | NOAA Forecast Systems Laboratory
 | Information and Technology Services
 | Data Systems Group
 | R/FST 325 Broadway
 | Boulder, CO 80305-3328
 | Email: ara.t.howard@xxxxxxxxxxxx
 | Phone:  303-497-7238
 | Fax:    303-497-7259
 ====================================

_______________________________________________

Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list

_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

--
 ====================================
 | Ara Howard
 | NOAA Forecast Systems Laboratory
 | Information and Technology Services
 | Data Systems Group
 | R/FST 325 Broadway
 | Boulder, CO 80305-3328
 | Email: ara.t.howard@xxxxxxxxxxxx
 | Phone:  303-497-7238
 | Fax:    303-497-7259
 ====================================

_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

--
 ====================================
 | Ara Howard
 | NOAA Forecast Systems Laboratory
 | Information and Technology Services
 | Data Systems Group
 | R/FST 325 Broadway
 | Boulder, CO 80305-3328
 | Email: ara.t.howard@xxxxxxxxxxxx
 | Phone:  303-497-7238
 | Fax:    303-497-7259
 ====================================

_______________________________________________

Pam-list@xxxxxxxxxx

https://www.redhat.com/mailman/listinfo/pam-list

_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list