Linux Unix help !!

"Give respect to Time, One day at right Time, Time will respect You"

Friday, April 29, 2011

how a normal user update shadow file on password change

xxxxxxxxxxx How a normal user changes his password and updated shadow file xxxxxxxxxxxxx

Note:
permission on /etc/shadow is: 400
permission on /etc/password : 644
permission on /usr/bin/passwd : 4755  ( suid is set)

Can root change own/others password ?: yes (Even he is having read permission on shadow,
but ofcourse root can update any file which is on properly mounted partition)

But can a normal user change his pasword ? : Yes (HOW? he is not having write permission on password and even not having read permission on shadow so how????)

Here's the solution why??

# which passwd
/usr/bin/passwd

# ls -l  /usr/bin/passwd
-rwsr-xr-x 1 root root 27768 Jan  6  2007 /usr/bin/passwd

Note: The permission on command binary /usr/bin/passwd is 4755 mean any user can execute it and suid is set on it mean, it must be executed as root it's dose not matter who is executing it, and root have authority to update any file .

But if we look into this scenario then can user keep any password of him and can he change any's password Noooo???

Because passwd binary it's itself authenticate via PAM and run accordingly.


=> inode is is data structure in unix/linux file system
how a user updated passwd, shadow passwd, passwd /etc/passwd, /etc/shadow, passwd linux, normal user updaed shadow file how?
Posted by Shirish Shukla at Friday, April 29, 2011
3 comments

Thursday, April 21, 2011

ssh without password

xxxxxxxxxxxxxxxxxxxxx SSH Login Without Password By- Shirish Shukla xxxxxxxxxxxxxxxxxxxxxxx

Example: ssh from shirish@client-1  to shukla@server-1  without password
Server-1: 192.168.8.10               
Client-1: 192.168.8.20

#####ON Client-1: 192.168.8.20 : user  shirish
### Login as shirish

# ssh-keygen -t dsa
----------------------------------------------->> Just press Enter don't type anything

Generating public/private dsa key pair.
Enter file in which to save the key (/home/shirish/.ssh/id_dsa):  <--Enter
Created directory '/home/shirish/.ssh'.                                    
Enter passphrase (empty for no passphrase):                          <--Enter
Enter same passphrase again:                                               <--Enter
Your identification has been saved in /home/shirish/.ssh/id_dsa.
Your public key has been saved in /home/shirish/.ssh/id_dsa.pub.
The key fingerprint is:
d8:6c:cb:2a:e7:24:01:43:9f:96:4a:45:e6:93:9b:f4 shirish@my.scratch.com

# ssh-copy-id -i .ssh/id_dsa.pub shukla@192.168.8.10

The authenticity of host '192.168.8.10 (192.168.8.10)' can't be established.
RSA key fingerprint is e8:0b:8a:d3:1a:d1:ce:ec:d8:f9:13:31:79:c8:03:ed.
Are you sure you want to continue connecting (yes/no)?  yes                        <--type yes
Warning: Permanently added '192.168.8.10' (RSA) to the list of known hosts.

Password:                                <-- type password of shukla on Server-1: 192.168.8.10               

Now try logging into the machine, with "ssh 'shukla@192.168.8.10'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

#####ON Server-1: 192.168.8.10
### Login as shukla  and confirm following
1> permission of /home/shukla/.ssh    700
$ ls -lrthd .ssh/
drwx------ 2 shukla shukla 4.0K Mar 12 13:51 .ssh/

2> permission of /home/shukla/.ssh/authorized_keys    600
$ ls -lrth .ssh/
-rw------- 1 shukla shukla 614 Mar 12 13:51 authorized_keys

########### Now login as shirish on Client-1:192.168.8.20
## ssh shukla@192.168.8.10
------------------------------------------------------>> It will not prompt for password

# Faced any problem Feedback in above contact me
#===============================Scratch=============================#
# AND Many More .....................Linux is Endless                                                                       #
#=========================== Hope you Liked IT ========================#
#                                                                                                   SSH-I  -- BY Shirish Shukla   #
#                                                                                                                 RHC Engineer 2010 #
#                                                                                                            shirish.linux@gmail.com #
#                                                                                                           shirishlinux.blogspot.com #
#                                  "Give Respect To Time One Day At Right Time, Time Will Respect You" #
#=================================================================#
# TRy Hard theres nothing that are un-achievable by HARDdd-WORKkk                                    #
#=================================================================#
linux ssh without password, password linux ssh, ssh, password sshd, sshd without password, login without password linux, ssh to a system without password
Posted by Shirish Shukla at Thursday, April 21, 2011
2 comments
Subscribe to: Posts (Atom)

Followers

Pls LIKE my Story !!!