# More On Passwd

A little bit more interesting discoveries while digging into the passwd code file.

## The ‘s’ flag in file permission

First, the file permission of passwd executable is -rwsr-xr-x. There’s an ‘s’ flag which don’t usually appear in common Unix files. The usage of the ‘s’ field is explained here:

http://en.wikipedia.org/wiki/Setuid

Which means when a user runs the passwd program, his effective uid will become the owner of the executable file, which is root in this case. While inside the passwd program, it uses getuid, which returns the user’s real id instead of effective id.

## On updating the shadow file

I also do notice that the whole passwd program would only require one Unix system capability: the CAP_FCHOWN capability, which is required when you’re changing the owner of one file. Here’s why the program needs it.

As a matter of fact, the passwd program never actually directly writes into the /etc/shadow file. For some reason (perhaps security concerns), it writes into a temp file first, set the uid and gid of the temp file, and then rewrite the shadow file with the temp file.

The code is defined in commonio.c file, commonio_update function. As described in the code bellow:

Written with StackEdit.