The root user in Linux/Unix systems can write to a file even if the write flag is not set. Therefore he can change the contents of /etc/shadow or any other file independent of its permissions.
The passwd utility has the setuid bit set. See with:
ls -la /usr/bin/passwd
It should look like this:
-rwsr-xr-x 1 root root 42824 Sep 13 2012 /usr/bin/passwd
Notice the s in the file owner permission. This indicates the setuid bit. If a normal user now executes the passwd utility, it is executed with the permission of the file owner; in this case root.
The setuid bit gains temporarily elevated privileges to run a specific task, such as changing things in system files, for example /etc/shadow or /etc/passwd.
The setuid bit must be handled with care. That mechanism can be used for several vulnerabilities if set on the wrong binary. Imagine the /bin/bash utility had the setuid bit set; then every user in the system could start a root shell!
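As an added example (not part of the original answer), the check described above can be turned into a small audit: list every file that carries the setuid bit and flag any whose name is a shell. The function names and the RISKY_NAMES list are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit a directory tree for setuid files.
# Function names and RISKY_NAMES are constructed for this illustration.

# Shell names that should never carry the setuid bit; extend to fit your system.
RISKY_NAMES="sh bash dash zsh ksh"

# has_setuid FILE: succeed if FILE exists and has the setuid bit set.
# This is the same bit that ls shows as "s" in the owner permissions.
has_setuid() {
    [ -u "$1" ]
}

# list_setuid DIR: print every regular file under DIR with the setuid bit,
# staying on one filesystem (-xdev) and ignoring unreadable directories.
list_setuid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort
}

# flag_risky_setuid DIR: print only the setuid files whose base name
# appears in RISKY_NAMES, for example a shell that was given the bit.
flag_risky_setuid() {
    list_setuid "$1" | while IFS= read -r path; do
        name=${path##*/}
        for risky in $RISKY_NAMES; do
            if [ "$name" = "$risky" ]; then
                printf '%s\n' "$path"
            fi
        done
    done
}

# Stand-alone use: sh audit_setuid.sh /usr/bin
[ "$#" -eq 0 ] || flag_risky_setuid "$1"
```

On a healthy system, list_setuid shows a short list that includes /usr/bin/passwd, and flag_risky_setuid prints nothing.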
I tried editing the /etc/shadow file directly using vi with a :wq, but I am not able to do that. The error it shows is "shadow" File is read only, so how is /usr/bin/passwd able to write to the file? – Noob – 2015-08-24T01:11:53.020
@Noob That's the editor trying to warn you that you are editing a read-only file (a file without the w flag). Use :wq!. vi should accept that. – chaos – 2015-08-24T16:58:55.493
What does ! actually mean in this sense? I always thought ! is used with q, which means to quit without saving. – Noob – 2015-08-24T17:29:00.583
@Noob :q! forces to quit, without saving, :w! forces to save even when the file is readonly. :wq! is the same as :w! + close the editor. – chaos – 2015-08-24T18:25:10.160