Date: Wed, 15 May 1996 15:44:44 +0200 (MET DST) From: "Christoph P. Kukulies" <kuku@gilberto.physik.rwth-aachen.de> To: tinguely@plains.nodak.edu (Mark Tinguely) Cc: freebsd-hackers@freefall.freebsd.org, kuku@gilberto.physik.rwth-aachen.de Subject: Re: yppasswdd permissions/ownership Message-ID: <199605151344.PAA29027@gilberto.physik.rwth-aachen.de> In-Reply-To: <199605151326.IAA23557@plains.nodak.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
> > We want to allow our NIS users on the clients to set their yp passwords. > > Since /etc/master.passwd is rw------- root wheel and yppasswdd runs > > as bin bin it seems to me impossible to change the master password database. > > > > Shouldn't yppasswdd better be run as 4755 root bin ? Or is this > > a potential security hole? > > yppasswdd is a daemon that runs as root. ypasswdd is started from /etc/rc Yes, of course it runs as root - I must have had a blackout :-) > because your /etc/sysconfig has the line: > > yppasswddflags="-m /etc/master.passwd -s -f" We are running yppasswd with these flags. I just gave it a test. I could do a passwd on the client. After that I could not login into the client. I could well login into the server with the new password. Might it be some problem with DES/MD5 encryption? I build world with NOCRYPT. All binaries are from -current. > > --mark. > --Chris Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199605151344.PAA29027>