Login program (daemon? not sure)

[TheQuirk]

If /etc/shadow can only be viewed by root, doesn't "login" have to run as root (for a period of time, anyway?) aswell? Isn't this a bit unsafe? Am I right about the fact that it runs as root?

[voidmain]

"init" spawns "getty" which in turn spawns "login" which in turn spawns the user's shell. The init/getty/login indeed run as root in order to perform the password authentication. The shell itself obviously runs under the privelages of the user who has logged in.

It's a lot more secure than letting all users have access to the encrypted password file but there really isn't any other way I can think of that would be better. If you can, then it surely would get implemented if you brought it up. Most Linux/UNIX systems work this way.

[ January 17, 2003: Message edited by: void main ]

[TheQuirk]

Couldn't you run it as "nobody"?

[choasforages]

if the tty's and some other thnigs were owned by nobody. maybe hurd has something to correct this, or SElinux, with its mandatory access lists

[voidmain]

You could not run it as nobody. It doesn't get run until you type in your id and passwd. If login determines that your id/passwd is valid it spawns a shell with your user privelages and then exits. It has to run as root because no other user has the authority, for one to read the /etc/shadow, but more importantly invoke a user shell under the privelages of any other user. Even NT/2k etc work similarly. I don't understand the concern.

[ January 17, 2003: Message edited by: void main ]

[choasforages]

thats almost what i was trying to say, that to set it to somethign else, you would have to make it totaly insecure to do it that way

[TheQuirk]

I don't have a concern. Just thinking.

BTW, when I meant "running it as nobody", I meant  allowing "nobody" have access to /etc/shadow... Of course, then other things that use "nobody" would have access aswell, so I guess it's a bad idea.

[ January 18, 2003: Message edited by: TheQuirk ]