

On my RH 7.2 much modified machine, with getent from an unknown
(blushes) mod dated April 2nd 2002, ldap user evy - normal user, without
any other privileges than ldap group admin - can do 'getent shadow
$anyone' and get the entry. Even out of /etc/shadow. Shocked me to
distraction. As Unix paranoid, that is.

My solution was to chmod 750 /usr/bin/getent and give sudo rights to me,
tonye. Now she can't any more.

Even so, this seems horrible. Is this normal under Linux? Would it be
normal under Solaris? 'ldd /usr/bin/getent' shows no PAM support.




Tony Earnshaw

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl
gpg public key:	http://www.billy.demon.nl/tonni.armor

Telefoon:	(+31) (0)172 530428
Mobiel:		(+31) (0)6 51153356

GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981
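
An added example, not part of the original message: a shell check that takes `getent shadow` output, collected as the unprivileged account under test, and reports which entries disclose a password hash. The function names, the verdict labels and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Classify the password field (2nd colon-separated field) of shadow(5)-format
# lines read from stdin, as printed by 'getent shadow'.
# Prints "<user> <verdict>" per line:
#   HASH   - field holds what looks like a usable password hash
#   LOCKED - field starts with '!' or '*'
#   MASKED - placeholder 'x' (no hash disclosed)
#   EMPTY  - empty field
classify_shadow() {
    awk -F: '
        NF < 2       { next }                       # not a shadow-format line
        $2 == ""     { print $1, "EMPTY";  next }
        $2 ~ /^[!*]/ { print $1, "LOCKED"; next }
        $2 == "x"    { print $1, "MASKED"; next }
                     { print $1, "HASH" }
    '
}

# Count the entries whose hash is visible to the caller.
count_exposed() {
    classify_shadow | awk '$2 == "HASH" { n++ } END { print n + 0 }'
}

# Constructed sample in shadow(5) format; the hash string is made up.
sample_shadow() {
    cat <<'EOF'
root:$1$CONSTRUCT$notARealHashValue0000.:11800:0:99999:7:::
daemon:*:11800:0:99999:7:::
evy:x:11800:0:99999:7:::
olduser:!!:11800:0:99999:7:::
nopass::11800:0:99999:7:::
EOF
}

# With --live, classify what this account can actually read via NSS;
# otherwise run on the constructed sample so the script works offline.
if [ "${1:-}" = "--live" ]; then
    getent shadow | classify_shadow
else
    sample_shadow | classify_shadow
fi
```

Any `HASH` verdict in a `--live` run from a normal account means the name service is handing shadow data to that account.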