On Thu, 13 Nov 2003 03:59, Andreas Metzler wrote:
> > Also I believe that Lee's statement regarding NIS is incorrect,
> > unix_chkpwd only does /etc/shadow.
>
> testing.....
>
> You are wrong, unix_chkpwd does NIS (at least in the scenario I just
> tested). After changing unix_chkpwd from 4755 root:root to 2755
> root:shadow a NIS user can not unlock the terminal he has just locked
> himself with vlock anymore.

I've just read the code more carefully. It seems that the only NIS specific code is the following:

        if (strcmp(pwd->pw_passwd, "*NP*") == 0) {      /* NIS+ */
                uid_t save_uid;

                save_uid = geteuid();
                seteuid(pwd->pw_uid);
                spwdent = getspnam(name);
                seteuid(save_uid);

                salt = x_strdup(spwdent->sp_pwdp);
        } else {
                salt = x_strdup(pwd->pw_passwd);
        }

Now if the program is SGID shadow (same as vlock incidentally) then the UID of the process should already be the same as pwd->pw_uid and therefore it should all work. Or do you have to be root for getpwnam() to work on NIS accounts?

Could you please do some more tests on this?
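
Added example (not part of the original message and not PAM's code): a checked variant of the quoted NIS+ branch that reports which step failed, so a test under 2755 root:shadow can tell a refused seteuid() from an empty getspnam() result. The names lookup_hash and enum hash_status are hypothetical, and Linux with glibc's <shadow.h> is assumed.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <pwd.h>
#include <shadow.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical status codes: one per step that can fail in the lookup. */
enum hash_status { HASH_OK, HASH_NO_USER, HASH_SETEUID_FAILED,
                   HASH_NO_SHADOW_ENTRY, HASH_NO_MEMORY };

/* On HASH_OK, *out is a malloc'd copy of the stored hash; the caller frees it. */
enum hash_status lookup_hash(const char *name, char **out)
{
    struct passwd *pwd;
    struct spwd *sp;
    const char *hash;
    uid_t saved = geteuid();

    *out = NULL;
    if (name == NULL || (pwd = getpwnam(name)) == NULL)
        return HASH_NO_USER;
    hash = pwd->pw_passwd;
    if (strcmp(hash, "*NP*") == 0) {        /* NIS+ marker, as in the quoted code */
        /* Fails with EPERM unless the process is root or pw_uid is already
         * one of its own real/effective/saved UIDs. */
        if (seteuid(pwd->pw_uid) != 0)
            return HASH_SETEUID_FAILED;
        sp = getspnam(name);                /* NULL if this identity may not read it */
        if (seteuid(saved) != 0)
            abort();                        /* never continue under the wrong UID */
        if (sp == NULL)
            return HASH_NO_SHADOW_ENTRY;
        hash = sp->sp_pwdp;
    }
    *out = strdup(hash);
    return *out ? HASH_OK : HASH_NO_MEMORY;
}

int main(int argc, char **argv)
{
    char *hash;
    enum hash_status st = lookup_hash(argc > 1 ? argv[1] : NULL, &hash);

    printf("status=%d\n", (int)st);         /* report the step, never the hash */
    free(hash);
    return st == HASH_OK ? 0 : 1;
}
```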