[Date Prev][Date Next] [Chronological] [Thread] [Top]

getent

To: openldap-software@OpenLDAP.org
Subject: getent
From: Tony Earnshaw <tonni@billy.demon.nl>
Date: 21 Jul 2002 17:45:54 +0200

On my RH 7.2 much modified machine, with getent from an unknown
(blushes) mod dated April 2nd 2002, ldap user evy - normal user, without
any other priviledges than ldap group admin -  can do 'getent shadow
$anyone' and get the entry. Even out of /etc/shadow. Shocked me to
distraction. As Unix paranoid, that is.

My solution was to chmod 750 /usr/bin/getent and give sudo rights to me,
tonye. Now she can't any more.

Even so, this seems horrible. Is this normal under Linux? Would it be
normal under Solaris? 'ldd /usr/bin/getent' shows no PAM support.

Best,

Tony

-- 

Tony Earnshaw

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl
gpg public key:	http://www.billy.demon.nl/tonni.armor

Telefoon:	(+31) (0)172 530428
Mobiel:		(+31) (0)6 51153356

GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981
3BE7B981

Prev by Date: Re:Re: dhcp+ldap
Next by Date: Re: qmail and Ldap
Index(es):
- Chronological
- Thread