A few more interesting discoveries from digging into the passwd source code.
The ‘s’ flag in file permission
First, the file permission of the passwd executable is -rwsr-xr-x. There’s an ‘s’ flag, which doesn’t usually appear on ordinary Unix files. The usage of the ‘s’ field is explained here:
This means that when a user runs the passwd program, his effective uid becomes that of the owner of the executable file, which is root in this case. Inside the passwd program, the code uses getuid, which returns the user’s real id instead of the effective id.
On updating the shadow file
I also noticed that the whole passwd program requires only one Unix system capability: the CAP_FCHOWN capability, which is required when you’re changing the owner of a file. Here’s why the program needs it.
As a matter of fact, the passwd program never writes directly into the /etc/shadow file. For some reason (perhaps security concerns), it writes into a temp file first, sets the uid and gid of the temp file, and then rewrites the shadow file with the temp file.
The code is defined in the commonio_update function, as shown in the code below:
// set the temp filename
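The write-to-a-temp-file, set-owner, then-replace sequence described above, as an added C example; it is not the passwd program's own commonio code. The helper name replace_file and the choice of mkstemp, fsync and rename are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not shadow's code): replace `path` with `data` via a
 * temp file in the same directory. Returns 0, or -1 with `path` untouched. */
int replace_file(const char *path, const char *data, size_t len)
{
    struct stat st;
    char tmp[PATH_MAX];
    int fd, n;

    /* Owner, group and mode to carry over come from the existing file. */
    if (stat(path, &st) != 0)
        return -1;
    n = snprintf(tmp, sizeof tmp, "%s.XXXXXX", path);
    if (n < 0 || (size_t)n >= sizeof tmp)
        return -1;
    /* mkstemp() creates the file exclusively, mode 0600. */
    fd = mkstemp(tmp);
    if (fd < 0)
        return -1;
    /* Set owner and mode on the descriptor, then write and flush. Handing the
     * file to another uid needs privilege; keeping the caller's ids does not.
     * A short write counts as failure. */
    if (fchown(fd, st.st_uid, st.st_gid) != 0 ||
        fchmod(fd, st.st_mode & 07777) != 0 ||
        write(fd, data, len) != (ssize_t)len || fsync(fd) != 0) {
        close(fd);
        unlink(tmp);
        return -1;
    }
    /* rename() is atomic: readers see the old or the new file, never half. */
    if (close(fd) != 0 || rename(tmp, path) != 0) {
        unlink(tmp);
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 3)
        return 2;
    return replace_file(argv[1], argv[2], strlen(argv[2])) ? 1 : 0;
}
```

Because the temp file is created next to the target, the final rename stays on one filesystem, which is what makes the swap atomic.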