On my RH 7.2 much modified machine, with getent from an unknown
(blushes) mod dated April 2nd 2002, ldap user evy - normal user, without
any other privileges than ldap group admin - can do 'getent shadow
$anyone' and get the entry. Even out of /etc/shadow. Shocked me to
distraction. As a Unix paranoid, that is.
My solution was to chmod 750 /usr/bin/getent and give sudo rights to me,
tonye. Now she can't any more.
Even so, this seems horrible. Is this normal under Linux? Would it be
normal under Solaris? 'ldd /usr/bin/getent' shows no PAM support.
gpg public key: http://www.billy.demon.nl/tonni.armor
Telephone: (+31) (0)172 530428
Mobile: (+31) (0)6 51153356
GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981
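
A check for the situation described in the message above, to be run from an unprivileged account: it reports which shadow entries come back from the name-service lookup with hash material in the password field. This is an added example, not part of the original post; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Read shadow(5)-format lines on stdin and print the login names whose
# password field still carries hash material.
exposed_shadow_entries() {
    awk -F: '
        NF >= 2 {
            pw = $2
            sub(/^!+/, "", pw)   # lock marker; a hash may still follow it
            if (pw == "" || pw == "*" || pw == "x") next
            print $1
        }'
}

# Run as an unprivileged user.
# Returns 0: no hashes visible, 1: hashes visible, 2: lookup not tested.
audit_getent_shadow() {
    if [ "$(id -u)" -eq 0 ]; then
        echo "run this as an unprivileged user" >&2
        return 2
    fi
    raw=$(getent shadow 2>/dev/null)
    rc=$?
    if [ "$rc" -ge 126 ]; then
        # getent missing or not executable (e.g. after chmod 750):
        # the NSS lookup itself has not been tested.
        echo "cannot run getent; lookup not tested" >&2
        return 2
    fi
    leaked=$(printf '%s\n' "$raw" | exposed_shadow_entries)
    if [ -n "$leaked" ]; then
        echo "shadow hashes readable by $(id -un):" >&2
        printf '%s\n' "$leaked"
        return 1
    fi
    return 0
}
```

getent is a front end to the NSS lookup, so a result of 2 after restricting the binary says nothing about what getspnam(3) returns to other programs run by the same user.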