/etc/shadow - how could it be edited when it is read only
The root user in linux/unix systems can write to a file even if the write flag is not set. Therefore he can change the contents of /etc/shadow
or any other file independent from it's permissions.
The passwd
utility has the setuid bit set. See with:
ls -la /usr/bin/passwd
It should look like this:
-rwsr-xr-x 1 root root 42824 Sep 13 2012 /usr/bin/passwd
Notice the s
in the file owner permission. This indicates the setuid bit. If a normal user now executes the passwd
utility, it is executed with the permission of the file owner; in this case root.
The setuid bit gains temporarily elevated privileges to run a specific task, such as changing things in system files, for example /etc/shadow
or /etc/passwd
.
The setuid bit must be handled with care. That mechanism can be used for several vulnerabilities if set on the wrong binary. Imagine, the /bin/bash
utility would have set the setuid bit; so every user in the system could start a root shell!
Related videos on Youtube
Noob
Updated on September 18, 2022Comments
-
Noob over 1 year
I am trying to change the content of /etc/shadow file but realize it is read only
sghk1> ls -l /etc/shadow -r-------- 1 root sys 4045 Aug 19 16:13 /etc/shadow
the /etc/shadow file permission is read only. in that case how does /usr/bin/passwd change its contents ?
e.g. passwd -x 30 username
-
Noob over 8 yearsI tried editing the /etc/shadow file directly using vi with a :wq, but I am not able to do that. the error it shows "shadow" File is read only so how is /usr/bin/passwd able to write to the file ?
-
chaos over 8 years@Noob That's the editor that tries to warn that you edit a read only file (a file without the
w
flag). Use:wq!
. vi should accept that. -
Noob over 8 yearswhat does ! actually meant in this sense, i always thought ! is use with q which means to quit without saving.
-
chaos over 8 years@Noob
:q!
forces to quit, without saving,:w!
forces to save even when the file is readonly.:wq!
is the same as:w!
+ close the editor.