-----Original Message----- From: linuxers-bounces@mm.ilug-bom.org.in [mailto:linuxers- bounces@mm.ilug-bom.org.in] On Behalf Of Priyam Chatterjee Sent: Thursday, October 07, 2004 10:31 PM To: GNU/Linux Users Group, Mumbai, India Subject: [ILUG-BOM] /etc/passwd
I have not yet found the answer to this question, hence asking it
here.
[ah] *Comments Inline*
The /etc/passwd and /etc/shadow files have read-only permissions for users (/etc/shadow is read-only for root too!).
[ah] Not true, I think /etc/shadow is root owned... and you can chmod it to any darn permission you want.
Still using the passwd command users are able to change their passwords (which means changing the corresponding entries in /etc/shadow). I understand that both
these
files are not accessed directly by the commands but by some API's (google gives this much info !!)... so as far as I understand, the API must be running with SU perms.... but still users are able to change only their own passwds (and not others)...
[ah] Authentication mechanisms in GNU/Linux are modular. Databases, Directories (LDAP) and Kerberos can be used. Something called PAM is responsible for what really goes on behind the scenes. PAM stands for Pluggable Authentication Module.
Though I don't know much of the specifics... you need to research more into getty, PAM and the shadow suite. And hey, now that you're into it... here's a trick question:
Q. Why does the text login prompt say 'login:' for username and 'Password:' for password? Note the differences in the capitalization. Why? :)
Regards,
[ah]