Date: Sat, 2 Aug 2003 11:40:50 -0700 (PDT)
From: Robert Watson <rwatson@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 35404 for review
Message-ID: <200308021840.h72IeomY022141@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=35404

Change 35404 by rwatson@rwatson_paprika on 2003/08/02 11:39:58

Expand on the user account manipulation tools and their use of privilege.

Affected files ...

.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/secarch/chapter.sgml#6 edit

Differences ...

==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/secarch/chapter.sgml#6 (text+ko) ==== @@ -2122,12 +2122,16 @@ <title>User Management Tools</title> <para>A variety of tools exist to monitor and modify the local - user databases. Most monitoring tools may execute - unprivileged, as they read from world-readable files via NSS; - these commands include id, finger, and others. Management - tools must, in general, run with a high level of privilege, as - they manipulate sensitive user account properties which may, - in turn, affect user privileges.</para> + account databases. + Most monitoring tools may execute unprivileged, as they read + from world-readable files via NSS; these commands include id, + finger, and others. + Management tools must, in general, run with a high level of + privilege, as they manipulate sensitive user account properties + which may, in turn, affect user privileges. + In general, account management tools are not setuid or + setgid, and must therefore be invoked as the root user so + that they have sufficient privilege for their operation.</para> <para>adduser: Interactively add a user to the system password database; create and populate the user's home directory. 
@@ -2137,41 +2141,58 @@ <para>rmuser: Interactively remove a user from the system password database; garbage collect the user's home directory, mail file, cron tab, kills any processes owned by the - user, and removes any at(8) jobs. This tool must be run as - root so that adequate privilege is held to modify the - required files and directories, and to kill user - processes.</para> + user, and removes any at(8) jobs. + This tool must be run as root so that adequate privilege is + held to modify the required files and directories, and to kill + user processes.</para> <para>pw: General command-line based user management tool. This tool encapsulates a variety of account management elements, updating the system account databases, including adding users, deleting users, modifying users, showing users, adding groups, deleting groups, modifying groups, - and locking or unlocking accounts. This tool must be run - as root so that adequate privilege is held to modify - the required files and directories.</para> + and locking or unlocking accounts. + This tool must be run as root so that adequate privilege is + held to modify the required files and directories.</para> - <para>vipw: Edit and rebuild the password file. This - tool loads the master (shadow) password file into the + <para>vipw: Edit and rebuild the password file. + This tool loads the master (shadow) password file into the user's default editor; if the file is modified, the - password databases will be rebuilt. This tool must - be run as root so that adequate privilege is held to - modify the required files.</para> + password databases will be rebuilt. 
+ This tool must be run as root so that adequate privilege is + held to modify the required files.</para> - <para>chpass: Edit a user's entry in the password file, rebuild</para> - <!-- setuid root so it can modify password file --> + <para>chpass: Tool for editing user account settings in the + master password file; loads current account information + into an editor, validates changes, and rebuilds the password + database. + Unprivileged users are permitted only to modify selected + fields of their account information (shell, subject to + shell restrictions, GECOS fields); the root user is + permitted to modify any password file field for the user. + This tool executes setuid root so that it may modify the + password file and rebuild the database, even if executed + as a non-root user.</para> - <para>passwd: Change a user's password</para> - <!-- setuid root so it can modify password file --> + <para>passwd: Change a user's password. + This tool changes the password of a user using PAM, + which for local UNIX authentication will modify and + rebuild the password database. + Unprivileged users are permitted only to modify their own + password; for UNIX password authentication, the current + password must be provided to set the new password. + With the UNIX password authentication mechanism, the root + user is permitted to change the password of any user + without knowledge of the current password. + This tool executes setuid root so that it may modify the + password file and rebuild the database, even if executed + by a non-root user.</para> - <para>pwd_mkdb: Rebuild password file database</para> - <!-- Runs with user privilege --> - - <para>Each of these will manipulate user home directories, as well - as the password and group files, create and remove mail files, - cron tables, scrub at jobs, etc.</para> - - <para>XXX requires revision</para> + <para>pwd_mkdb: Rebuild password file database. 
+ This tool regenerates the binary database files from the + password files. + This tool must be run as root so that adequate privilege is + held to modify the required files.</para> </sect3> </sect2>
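Review bot: In the first hunk (@@ -2122,12 +2122,16 @@), the added sentence "In general, account management tools are not setuid or setgid" sits uneasily with the chpass and passwd paragraphs added later in this same change, both of which say the tool "executes setuid root". Suggest naming those two exceptions in the introductory paragraph (for example, "with the exception of chpass and passwd, described below") so a reader does not take the root-only rule as covering every tool in the list. The two adjacent sentences also both rely on "in general"; dropping one would tighten the paragraph.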
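Review bot: In the second hunk (@@ -2137,41 +2141,58 @@), the new pwd_mkdb paragraph states the tool "must be run as root", whereas the comment it replaces read "Runs with user privilege"; the commit message does not mention that reversal, so it is worth confirming which statement is correct before this lands. The chpass and passwd paragraphs each say the setuid tool will "rebuild the database" without saying whether that goes through pwd_mkdb, which is the detail a reader tracing where privilege is exercised will look for. Minor wording: the chpass parenthetical "(shell, subject to shell restrictions, GECOS fields)" reads as a three-item list and would be clearer as "(GECOS fields, and the shell, subject to shell restrictions)", and "executed as a non-root user" in chpass should match "executed by a non-root user" in passwd.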