15

I wonder what happens what happens when I am changing my password on a Linux system. Basically all passwords are stored in a file called /etc/shadow or /etc/master.passwd in BSD-like systems as I do remember. Both of them are owned by root/wheel with 600 permissions.

So when I change my password using passwd command in terminal it should somehow access this file with root permissions. Then read and write to it.

I am interested in how does it get the root permissions and which process (or processes) are responsible for password change.

guntbert
  • 1,825
  • 2
  • 18
  • 21
PaulOverflow
  • 273
  • 1
  • 9

1 Answers1

21

Basically it's using the suid bit. If you check the passwd command in your machine:

-rwsr-xr-x  1 root   root         43K Feb 15  2011 passwd

SUID (Set owner User ID up on execution) is a special type of file permissions given to a file. Normally in Linux/Unix when a program runs, it inherits access permissions from the logged in user. SUID is defined as giving temporary permissions to a user to run a program/file with the permissions of the file owner rather that the user who runs it. In simple words users will get file owner’s permissions as well as owner UID and GID when executing a binary. So the binary is actually being run as root when you run it.

Lucas Kauffman
  • 54,169
  • 17
  • 112
  • 196
  • 5
    Because of this, commands like ``passwd`` can be vulnerable to [privilege escalation exploits](http://en.wikipedia.org/wiki/Privilege_escalation) – SameOldNick Dec 08 '14 at 02:33