
/etc/security warning



Given a user in /etc/passwd with a legal shell and home directory, but a
password of "*" (Kerberos authentication is used and there is no reason to
have a password in /etc/passwd as well).  In $HOME there is a .ssh
directory, permissions 700.

/etc/security complains "Login %s is off but still has a valid shell and
alternate access files in home directory are still readable."

The code that generates this error is at /etc/security:52.

else if (system("for file in .ssh .rhosts .shosts .klogin; do if test -e
"$9"/$file; then if ((ls -ld "$9"/$file | cut -b 2-10 | grep -q r) && (test
! -O "$9"/$file)) ; then exit 1; fi; fi; done")) printf("Login %s is off but
still has a valid shell and alternate access files in\n\t home directory are
still readable.\n",$1);


Maybe I just have a different concept of readable, but I assume that this
is a security problem if the file is readable by someone other than the
user?  If so, shouldn't the cut be changed to cut -b 5-10?

Or if that isn't the case, what is the proper configuration for an account
that is authenticated by Kerberos only so that the error is not produced?

Evan
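
The permission-bit part of the check quoted above, set beside the cut -b 5-10 variant the message proposes, as an added example that is not part of the original message or of /etc/security. The function names and the temporary directory are assumptions of the example; the ownership test (test ! -O) is left out because its result depends on which user runs the script.

```shell
#!/bin/sh
# Added example: compares the permission test quoted from /etc/security
# with the cut -b 5-10 variant proposed in the message.
# Function names and the temporary directory are constructed for this example.

# Original test: any "r" in the owner, group or other bits
# (columns 2-10 of the ls -ld mode string).
readable_by_anyone() {
    ls -ld "$1" | cut -b 2-10 | grep -q r
}

# Proposed test: "r" only in the group or other bits (columns 5-10).
readable_by_non_owner() {
    ls -ld "$1" | cut -b 5-10 | grep -q r
}

# Create a .ssh directory with the given mode and report how each test
# classifies it. Prints "<mode> original=<flag|ok> proposed=<flag|ok>".
classify_mode() {
    mode=$1
    dir=$(mktemp -d) || return 2
    target="$dir/.ssh"
    mkdir "$target" && chmod "$mode" "$target" || { rm -rf "$dir"; return 2; }
    if readable_by_anyone "$target"; then orig=flag; else orig=ok; fi
    if readable_by_non_owner "$target"; then prop=flag; else prop=ok; fi
    chmod 700 "$target"   # restore access so cleanup works for any mode
    rm -rf "$dir"
    echo "$mode original=$orig proposed=$prop"
}

# 700 is the case from the message; the others show where the tests agree.
for m in 700 750 705 300; do
    classify_mode "$m"
done
```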