[wplug] /etc/master.passwd Was: Re: SpamAssassin -- user_prefs security hole?

James O'Kane jo2y at midnightlinux.com
Wed May 26 17:14:33 EDT 2004


On Wed, 26 May 2004, Brandon Kuczenski wrote:

> > /etc/master.passwd (the "shadow password" file) contains a field for defining
> > which profile each user belongs to, so you can add different users to
> > different resource limit profiles.  If you don't define a profile, the system
> > gives them the "default" profile, which (as you can see) is unlimited by
> > default.
>
> /etc/shadow in redhat

Correct me if I'm wrong, but I think /etc/master.passwd isn't exactly the
same as /etc/shadow. At least one of the BSDs use a dbm database for the
password file, and master.passwd is a plain-text version of the file where
text changes can be made. A command needs to be run to rebuild the
password database. If I remember right, it offers a few extra fields than
/etc/passwd on a linux system does.

-james




More information about the wplug mailing list