Password file issues

Password file issues
By Aeleen Frisch

Passwords are, of course, an important part of security, but aside from imposing password creation restrictions, administrators can overlook password maintenance. This tip from Aeleen Frisch's book Essential System Administration,

    Requires Free Membership to View

published by O'Reilly Associates, gives some advice for maintaining the integrity of password files.

It is important to examine the password file regularly for potential account-level security problems, (as well as the shadow password file when applicable). In particular, it should be examined for:

* Accounts without passwords.

* UIDs of 0 for accounts other than root (which are also superuser accounts).

* GIDs of 0 for accounts other than root. Generally, users don't have group 0 as their primary group.

* Accounts added or deleted without your knowledge.

* Other types of invalid or improperly formatted entries.

* The file's own ownership and permissions.

Under System V, SunOS and Linux (via shadow package), the pwck command will perform some simple syntax checking on the password file and can identify some security problems with it (AIX provides the very similar pwdck command to check its several user account database files). pwck will report on invalid usernames (including null ones), UIDs and GIDs, null or nonexistent home directories, invalid shells and entries with the wrong number of fields (often indicating extra or missing colons and other typos). However, it won't find a lot of other, more serious security problems. You'll need to check for those periodically in some other manner. (The grpck command performs similar simple syntax checking for the /ect/group file.)

Related book

Essential System Administration, Second Edition
Author : Aeleen Frisch
Publisher : O'Reilly & Associates
ISBN/CODE : 1565921275
Cover Type : Soft Cover
Pages : 788
Published : Sept. 1995
Essential System Administration takes an in-depth look at the fundamentals of UNIX system administration in a real-world, heterogeneous environment. The book approaches UNIX system administration from the perspective of your job -- the routine tasks and troubleshooting that make up your day. Whether you're dealing with frustrated users, convincing an uncomprehending management that you need new hardware, rebuilding the kernel, or simply adding new users, you'll find help in this book. You'll also learn about back up and restore and how to set up printers, secure your system and perform many other system administration tasks. But the book is not for full-time system administrators alone. Linux users and others who administer their own systems will benefit from its practical, hands-on approach.

This was first published in January 2001

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.