On 10-Mar-2000 Paul Richards wrote:
  | Non-root users can use the pw command to get information from the
  | master.passwd file e.g.
  | 
  | ps showuser paul
  | paul:*:1000:1000::0:0:& Richards:/home/paul:/usr/local/bin/bash
  | 
  | which shows the class, password expiry and account expiry. I'm not sure
  | whether that's information that should be kept secure but it does seem
  | like 'pw' is the only command that makes it available. The 'chsh'
  | command doesn't show this information except when run as root for
  | instance.
  | 

pw(8) uses getpwuid(3) to retrieve a password entry from the world readable
/etc/pwd.db. It doesn't open master.passwd, (well at least when run as a
non-superuser).

IMO, that information is not something that needs to be secured.

/****************************************
 * Mike Heffner <[EMAIL PROTECTED]>    *
 * Fredericksburg, VA -- ICQ# 882073    *
 * Sent at: 10-Mar-2000 -- 00:58:18 EST *
 * http://my.ispchannel.com/~mheffner   *
 ****************************************/


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to