Bug 78153 - empty /etc/password password overrides /etc/shadow
empty /etc/password password overrides /etc/shadow
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: pwdb (Show other bugs)
7.3
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Jay Turner
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-11-19 09:39 EST by Ronan Waide
Modified: 2015-01-07 19:01 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-12-18 13:32:38 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Ronan Waide 2002-11-19 09:39:55 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1) Gecko/20020827

Description of problem:
Having configured my machine to use shadow passwords, I noticed that by removing
the 'x' from the password field in /etc/passwords, I can log into the associated
account without any password.

Version-Release number of selected component (if applicable):
pwdb-0.61.2-2

How reproducible:
Always

Steps to Reproduce:
1. Configure for shadow passwords
2. Edit /etc/passwd, remove the 'x' from the root account passwd field
3. Log in as root sans password
	

Actual Results:  Login succeeds

Expected Results:  I would expect the shadow file to override the password file.
However, this may be conforming to some standard that I'm unaware of. Either
way, I believe this behaviour should be either documented or fixed as appropriate.

It's also difficult to track down, since 'passwd' updates the shadow file
correctly but does not alert the user to the error in the passwd file.

Additional info:
The machine in question is running 7.3 with all updates. I am guessing that pwdb
is the component at fault since it's the bit concerned with talking to
/etc/passwd and /etc/shadow.
Comment 1 Alan Cox 2002-12-18 13:32:38 EST
Its expected unix behaviour. You can stop null being allowed like that by
removing the "nullok" in the PAM configuration. See the PAM docs

Note You need to log in before you can comment on or make changes to this bug.