Priyam Chatterjee wrote:

I have not yet found the answer to this question, hence asking it here.

The /etc/passwd and /etc/shadow files have read-only permissions for users (/etc/shadow is read-only for root too!). Still using the passwd command users are able to change their passwords (which means changing the corresponding entries in /etc/shadow). I understand that both these files are not accessed directly by the commands but by some API's (google gives this much info !!)... so as far as I understand, the API must be running with SU perms.... but still users are able to change only their own passwds (and not others)...

This is what I know. The API you are talking about is "setuid()". When any program is executed, it runs with the uid of the user. but the setuid system call can change the effective uid of the program if the executable has it's setuid bit set. If you look at the file permission of the passwd program you will see something like this.. -rwsr-xr-x 1 root shadow 79765 2004-04-06 07:56 /usr/bin/passwd where 's' tells you that "passwd" has it's setuid bit set. Hence the program can run as root even when it is invoked from any user. The answer to your next question i.e why can't it modify other user's password when it is running as root? is it could but it won't. i.e. the program (passwd) logic is written in such a way that it will allow changing of arbitary user's password only if it is invoked by the root. I haven't looked at the code of passwd but this is what I think happens

if(effective UID is root){ if username specified in the command line, do the following for that user else for "root"{ prompt for new password; encrypt and save; } } else{ save effective UID; setuid(root); prompt for existing password of user UID and verify; prompt for new password of user UID; encrypt and save; }

You can ofcourse write your own passwd program which can allow normal users to cange other users passwords.

Shourya