Re: entry in /etc/passwd

From: Jamie (aouf77@dsl.pipex.com)
Date: 05/01/02


From: Jamie <aouf77@dsl.pipex.com>
To: Yannis Nikolopoulos <yanodd@otenet.gr>, focus-linux@securityfocus.com
Date: Wed, 1 May 2002 21:07:39 +0100

On Tuesday 30 Apr 2002 10:57 am, Yannis Nikolopoulos wrote:
> Hey all,
>
> yesterday I noticed that the last line of my /etc/passwd file
> was something like :
> +::0::0
>
> I didnt put it and it was definitely not there before :)
> I vaguely remember that it has something to do with NIS..

You are right - the '+' signifies that we'll consult the NIS maps
passwd.byname and passwd.byuid for any users not in /etc/passwd.

Now I did a quick search on the ::0::0 part and it looks like any
users who can successfully authenticate themselves via the NIS maps will be
given uid 0 and their GCOS / Comment field entry will be mapped to 0 which
sounds kinda dangerous....

BUT I think the above is only true for older Unix boxes as most now use
/etc/nsswitch.conf to decide whether they will use NIS or not. I think for
the above to work you would need to have the word 'compat' in the passwd line
of your /etc/nsswitch.conf file.

Assuming you have NIS setup on your boxes the quickest way to find out if the
above is true is to try it yourself.

Anyway, hope this helps and let me know how you get on.

Ta leme, ;-)

-jamie.