Thursday, April 28, 2022

[SOLVED] In the case of a normal user with no access to etc/shadow file, how can the passwd command allow him to change his password?

Issue

Technically a regular user with no access to etc/shadow file, shouldn't be able to change his password, since he does not have the permissions to modify etc/shadow file.


Solution

The "/usr/bin/passwd" file is owned by user "root" and has the SETUID bit set. The process executes "/usr/bin/passwd" with effective user ID 0 (root) and so can change the contents of "/etc/shadow".

$ ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 72424 Mar  3 19:41 /usr/bin/passwd
$ #^ That 's' means the file is executable and has the SETUID bit set.
$ # The mode of the file is 4755.


Answered By - Ian Abbott
Answer Checked By - Gilberto Lyons (WPSolving Admin)
at