"In the previous message, Mike Raffety said..." > > On some Unix systems (e.g., SunOS 4.x), passwd has a "-F" flag allowing > you to specify the file to use (instead of /etc/passwd). It appears > that the passwd program pays no attention to permissions on that file; > it runs setuid to root (of course), and accesses the file without doing > any permission checking. So what? One can copy /etc/passwd and edit it with an EDITOR. So? Login reads /etc/passwd, not whatever file the user chooses. Until the user can write the changes into /etc/passwd (and sometimes /etc/security/passwd.adjunct), he has accomplished NOTHING. Remeber, the passwd command does not determine account access. [ ... ] > I've just figured this out; is it a well-known bug? Are there any > other consequences? Its not a problem. -- pat@rwing [If all fails, try: rwing!pat@ole.cdac.com] Pat Myrto - Seattle WA "No one has the right to destroy another person's belief by demanding empirical evidence." -- Ann Landers, nationally syndicated advice columnist and Director at Handgun Control Inc.