/etc/shadow - how could it be edited when it is read only

7,731

The root user in Linux/Unix systems can write to a file even if the write flag is not set. Therefore he can change the contents of /etc/shadow or any other file independent of its permissions.

The passwd utility has the setuid bit set. See with:

ls -la /usr/bin/passwd

It should look like this:

-rwsr-xr-x 1 root root 42824 Sep 13  2012 /usr/bin/passwd

Notice the s in the file owner permissions. This indicates the setuid bit. If a normal user now executes the passwd utility, it is executed with the permissions of the file owner; in this case root.

The setuid bit grants temporarily elevated privileges to run a specific task, such as changing things in system files, for example /etc/shadow or /etc/passwd.

The setuid bit must be handled with care. That mechanism can be used for several vulnerabilities if set on the wrong binary. Imagine the /bin/bash utility had the setuid bit set; then every user on the system could start a root shell!
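A defensive follow-up to the answer above, added here as an example and not part of the original answer: a small audit that lists setuid files under given directories and reports any that are shells or are missing from an allowlist. The allowlist format (one absolute path per line), the function names and the list of shell names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit setuid files against an allowlist.
# Assumptions: allowlist format (one absolute path per line), function
# names and the shell-name list are made up for this illustration.

# Print every regular file with the setuid bit (mode 4000) under the
# given directories, sorted. -xdev keeps find on one filesystem.
list_setuid() {
    find "$@" -xdev -type f -perm -4000 2>/dev/null | sort
}

# Succeed if the file name is that of a common shell.
is_shell() {
    case "$(basename "$1")" in
        sh|bash|dash|zsh|ksh|csh|tcsh) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_setuid ALLOWLIST DIR...
# Prints "SHELL <path>" for a setuid shell (reported even if allowlisted)
# and "UNEXPECTED <path>" for a setuid file missing from the allowlist.
# Returns 1 if anything was reported, 0 if the tree is clean.
audit_setuid() {
    allowlist=$1
    shift
    report=$(list_setuid "$@" | while IFS= read -r f; do
        if is_shell "$f"; then
            echo "SHELL $f"
        elif ! grep -Fxq -- "$f" "$allowlist"; then
            echo "UNEXPECTED $f"
        fi
    done)
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Run as a script: ./audit.sh allowlist.txt /usr/bin /usr/sbin
if [ "$#" -ge 2 ]; then
    audit_setuid "$@"
fi
```

Building the allowlist from a known-good installation and running the audit periodically turns a newly appearing setuid file into a visible finding.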

Author by

Noob

Updated on September 18, 2022

Comments

  • Noob
    Noob over 1 year

    I am trying to change the content of the /etc/shadow file but realize it is read only.

    sghk1> ls -l /etc/shadow
    -r--------   1 root     sys         4045 Aug 19 16:13 /etc/shadow
    

    The /etc/shadow file permission is read only. In that case, how does /usr/bin/passwd change its contents?

    e.g. passwd -x 30 username
    
  • Noob
    Noob over 8 years
    I tried editing the /etc/shadow file directly using vi with a :wq, but I am not able to do that. The error it shows is "shadow" File is read only. So how is /usr/bin/passwd able to write to the file?
  • chaos
    chaos over 8 years
    @Noob That's the editor trying to warn you that you are editing a read-only file (a file without the w flag). Use :wq!. vi should accept that.
  • Noob
    Noob over 8 years
    What does ! actually mean in this sense? I always thought ! is used with q, which means to quit without saving.
  • chaos
    chaos over 8 years
    @Noob :q! forces to quit, without saving, :w! forces to save even when the file is readonly. :wq! is the same as :w! + close the editor.