A few more interesting discoveries from digging into the passwd source code.
The ‘s’ flag in file permission
First, the file permission of the passwd executable is -rwsr-xr-x. There’s an ‘s’ flag which doesn’t usually appear on common Unix files. The usage of the ‘s’ flag is explained here:
http://en.wikipedia.org/wiki/Setuid
This means that when a user runs the passwd program, their effective uid becomes that of the owner of the executable file, which is root in this case. Inside the passwd program, the code uses getuid, which returns the user’s real id instead of the effective id.
On updating the shadow file
I also noticed that the whole passwd program would only require one Unix system capability: the CAP_FCHOWN capability, which is required when you’re changing the owner of a file. Here’s why the program needs it.
As a matter of fact, the passwd program never writes directly into the /etc/shadow file. For some reason (perhaps security concerns), it writes into a temp file first, sets the uid and gid of the temp file, and then rewrites the shadow file with the temp file.
The code is defined in the commonio_update function in the commonio.c file, as described in the code below:
// set the temp filename
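The write-temp, set-owner, replace sequence described above, as an added example (this is not the shadow-utils code). The function name replace_file, the "<path>+" temp name, the demo file name and the use of rename(2) for the final replacement are assumptions of this sketch. Doing it in this order means readers never see a half-written file, and the new file never appears under the real name with the wrong owner or mode.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Replace `path` with `len` bytes of `data`. Returns 0 on success, -1 on error.
 * Hypothetical helper: the "<path>+" temp name and rename(2) are assumptions. */
int replace_file(const char *path, const char *data, size_t len)
{
    struct stat sb;
    char tmp[4096];
    int fd;

    if (stat(path, &sb) != 0)
        return -1;                      /* need the original's owner and mode */
    if (snprintf(tmp, sizeof tmp, "%s+", path) >= (int)sizeof tmp)
        return -1;

    /* O_EXCL refuses a temp file that already exists; 0600 until it is ready. */
    fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;

    /* Copy uid/gid and mode onto the temp file before it gets the real name.
     * Giving the file to a different owner is the privileged step. */
    if (fchown(fd, sb.st_uid, sb.st_gid) != 0 ||
        fchmod(fd, sb.st_mode & 07777) != 0 ||
        write(fd, data, len) != (ssize_t)len ||
        fsync(fd) != 0) {
        close(fd);
        unlink(tmp);
        return -1;
    }
    /* rename() swaps the directory entry in one step. */
    if (close(fd) != 0 || rename(tmp, path) != 0) {
        unlink(tmp);
        return -1;
    }
    return 0;
}

int main(void)
{
    static const char entry[] = "alice:NEWHASH:19000::::::\n"; /* constructed */
    FILE *f = fopen("demo_shadow.txt", "w");   /* constructed stand-in file */
    if (f == NULL)
        return 1;
    fputs("alice:OLDHASH:19000::::::\n", f);
    fclose(f);
    return replace_file("demo_shadow.txt", entry, sizeof entry - 1) != 0;
}
```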