Can you advise over it..this was question for me to check but was not able to get this ...if the group can help.. can you advise.. my question is clear that we should not be root or root user to do that
Asked
Active
Viewed 1,498 times
1
-
1have you tried "man passwd"? – Solar Mike Aug 28 '17 at 17:26
-
See also [Can I make a script always execute as root?](https://superuser.com/q/440363/150988) and/or [How to run a program as root without “sudo”?](https://superuser.com/q/290903/150988) – Scott - Слава Україні Aug 28 '17 at 21:59
-
… or go to [Unix & Linux Stack Exchange](https://unix.stackexchange.com/) and search for setuid. – Scott - Слава Україні Aug 28 '17 at 22:02
-
@SolarMike: The question makes it fairly clear that the OP understands *that* a normal user can run ``passwd``. I don’t see anything in the man page that explains *how* that’s possible. – Scott - Слава Україні Aug 28 '17 at 22:06
-
I believe SUID will help.. – Deepesh Aug 30 '17 at 04:43
2 Answers
2
The passwd utility has the setuid bit set. It means that it will be run as root.
$ ls -lh /usr/bin/passwd
-rwsr-xr-x 1 root root 53K May 17 01:37 /usr/bin/passwd
So this utility will be able to modify the /etc/shadow and /etc/passwd files, which are owned by root.
As it is written in the man page,
A normal user may only change the password for his/her own account
Programs using the setuid bit should be really carefully designed, since running as root is a real security risk.
pim
- 742
- 6
- 21
1
Yes. Any user can run passwd to change their own password.
uSlackr
- 8,955
- 31
- 48
-
-
-
***I know that*** — see my comments on the question. My point is that the question the question asks *How?* and your post doesn’t answer that. – Scott - Слава Україні Aug 30 '17 at 02:03