PERFORCE change 35404 for review
Robert Watson
rwatson at FreeBSD.org
Sat Aug 2 18:40:50 GMT 2003
http://perforce.freebsd.org/chv.cgi?CH=35404
Change 35404 by rwatson at rwatson_paprika on 2003/08/02 11:39:58
Expand on the user account manipulation tools and their use of
privilege.
Affected files ...
.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/secarch/chapter.sgml#6 edit
Differences ...
==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/secarch/chapter.sgml#6 (text+ko) ====
@@ -2122,12 +2122,16 @@
<title>User Management Tools</title>
<para>A variety of tools exist to monitor and modify the local
- user databases. Most monitoring tools may execute
- unprivileged, as they read from world-readable files via NSS;
- these commands include id, finger, and others. Management
- tools must, in general, run with a high level of privilege, as
- they manipulate sensitive user account properties which may,
- in turn, affect user privileges.</para>
+ account databases.
+ Most monitoring tools may execute unprivileged, as they read
+ from world-readable files via NSS; these commands include id,
+ finger, and others.
+ Management tools must, in general, run with a high level of
+ privilege, as they manipulate sensitive user account properties
+ which may, in turn, affect user privileges.
+ In general, account management tools are not setuid or
+ setgid, and must therefore be invoked as the root user so
+ that they have sufficient privilege for their operation.</para>
<para>adduser: Interactively add a user to the system password
database; create and populate the user's home directory.
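Review bot: The sentence added at the end of the first paragraph ("account management tools are not setuid or setgid, and must therefore be invoked as the root user") is at odds with the later part of this same change, which documents chpass and passwd as executing setuid root. Suggest naming those two as the exceptions in this sentence, so that a reader enumerating the privileged entry points does not rely on the summary alone. As a style point, this sentence and the one before it both lean on "in general"; rewording one of them would read better.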
@@ -2137,41 +2141,58 @@
<para>rmuser: Interactively remove a user from the system
password database; garbage collect the user's home directory,
mail file, cron tab, kills any processes owned by the
- user, and removes any at(8) jobs. This tool must be run as
- root so that adequate privilege is held to modify the
- required files and directories, and to kill user
- processes.</para>
+ user, and removes any at(8) jobs.
+ This tool must be run as root so that adequate privilege is
+ held to modify the required files and directories, and to kill
+ user processes.</para>
<para>pw: General command-line based user management tool.
This tool encapsulates a variety of account management
elements, updating the system account databases, including
adding users, deleting users, modifying users, showing
users, adding groups, deleting groups, modifying groups,
- and locking or unlocking accounts. This tool must be run
- as root so that adequate privilege is held to modify
- the required files and directories.</para>
+ and locking or unlocking accounts.
+ This tool must be run as root so that adequate privilege is
+ held to modify the required files and directories.</para>
- <para>vipw: Edit and rebuild the password file. This
- tool loads the master (shadow) password file into the
+ <para>vipw: Edit and rebuild the password file.
+ This tool loads the master (shadow) password file into the
user's default editor; if the file is modified, the
- password databases will be rebuilt. This tool must
- be run as root so that adequate privilege is held to
- modify the required files.</para>
+ password databases will be rebuilt.
+ This tool must be run as root so that adequate privilege is
+ held to modify the required files.</para>
- <para>chpass: Edit a user's entry in the password file, rebuild</para>
- <!-- setuid root so it can modify password file -->
+ <para>chpass: Tool for editing user account settings in the
+ master password file; loads current account information
+ into an editor, validates changes, and rebuilds the password
+ database.
+ Unprivileged users are permitted only to modify selected
+ fields of their account information (shell, subject to
+ shell restrictions, GECOS fields); the root user is
+ permitted to modify any password file field for the user.
+ This tool executes setuid root so that it may modify the
+ password file and rebuild the database, even if executed
+ as a non-root user.</para>
- <para>passwd: Change a user's password</para>
- <!-- setuid root so it can modify password file -->
+ <para>passwd: Change a user's password.
+ This tool changes the password of a user using PAM,
+ which for local UNIX authentication will modify and
+ rebuild the password database.
+ Unprivileged users are permitted only to modify their own
+ password; for UNIX password authentication, the current
+ password must be provided to set the new password.
+ With the UNIX password authentication mechanism, the root
+ user is permitted to change the password of any user
+ without knowledge of the current password.
+ This tool executes setuid root so that it may modify the
+ password file and rebuild the database, even if executed
+ by a non-root user.</para>
- <para>pwd_mkdb: Rebuild password file database</para>
- <!-- Runs with user privilege -->
-
- <para>Each of these will manipulate user home directories, as well
- as the password and group files, create and remove mail files,
- cron tables, scrub at jobs, etc.</para>
-
- <para>XXX requires revision</para>
+ <para>pwd_mkdb: Rebuild password file database.
+ This tool regenerates the binary database files from the
+ password files.
+ This tool must be run as root so that adequate privilege is
+ held to modify the required files.</para>
</sect3>
</sect2>
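Review bot: The pwd_mkdb entry at the end of this hunk now reads "must be run as root", replacing a comment that read "Runs with user privilege", and the commit message does not say whether this is a correction or a restatement. If the old comment meant that the tool is not setuid and runs with the caller's privilege, say that explicitly in the new text, the way the chpass and passwd entries state that they execute setuid root. Two smaller points: in the chpass entry the parenthetical "(shell, subject to shell restrictions, GECOS fields)" is hard to parse and would be clearer as a list of the fields with the shell restriction as a separate clause, and the closing sentences of chpass ("as a non-root user") and passwd ("by a non-root user") should use the same wording.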