On 10-Mar-2000 Paul Richards wrote:
| Non-root users can use the pw command to get information from the
| master.passwd file e.g.
|
| ps showuser paul
| paul:*:1000:1000::0:0:& Richards:/home/paul:/usr/local/bin/bash
|
| which shows the class, password expiry and account expiry. I'm not sure
| whether that's information that should be kept secure but it does seem
| like 'pw' is the only command that makes it available. The 'chsh'
| command doesn't show this information except when run as root for
| instance.
|
pw(8) uses getpwuid(3) to retrieve a password entry from the world readable
/etc/pwd.db. It doesn't open master.passwd, (well at least when run as a
non-superuser).
IMO, that information is not something that needs to be secured.
/****************************************
* Mike Heffner <[EMAIL PROTECTED]> *
* Fredericksburg, VA -- ICQ# 882073 *
* Sent at: 10-Mar-2000 -- 00:58:18 EST *
* http://my.ispchannel.com/~mheffner *
****************************************/
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message