On Thu, 31 Mar 2005, Christian Perrier wrote: > package passwd > severity 89523 minor > tags 89523 upstream > forwarded 89523 Tomasz Kłoczko <[EMAIL PROTECTED]> > thanks > > I confirm that using passwd to change root's password on a system > where the "+::::::" is the last line of /etc/passwd changes it to > +::0:0::: > > As noted in the bug log, this seems harmless and is more an > aesthetical bug, if this is a bug and not a feature. > > Tomasz, any input on this?
On using old compat type NIS implementation IIRC isn't possible to specify range UIDs/GIDs which can be managed by NIS. Somerimes have NISed root accout can be good feacture (I know some clustred enviroment where it is used). Latest NIS implemetation prepared by Thornsten Kukluk have ability to specify range UIDs/GIDs managed by ypserver but only on level scripts for converting files to NIS db files. If intruder wil have ability for injectin root account directly to NIS db files this fact will not be even reported by ypeserv. On clint side (ypbind) also in current implememtation there is no configuration parameters which will allow force range UIDs/GIDs imported from NIS server (maybe it will be good report this as kind RFE for Thornsten). Summarize: I'm not shure is classify this case as bug is correct. Maybe document this as feacture will be better. kloczek -- ----------------------------------------------------------- *Ludzie nie mają problemów, tylko sobie sami je stwarzają* ----------------------------------------------------------- Tomasz Kłoczko, sys adm @zie.pg.gda.pl|*e-mail: [EMAIL PROTECTED]
