Re: Linux passwd references.

Jason Burrell (jburrell@crl5.crl.com)
Fri, 9 May 1997 11:35:38 -0500 (CDT)


On Fri, 9 May 1997, Matthew Haas wrote:

> Hello.
>
> I was wondering- how many programs rely on the presence of /etc/passwd ?
> If it were to be changed in the source code to reside in a different
> location under a different name, the kernel shouldn't have any problem,
> but what about programs like chfn? I was thinking that if I were to do
> this, it would be harder for a hacker to get to my passwd file, as 1) they
> don't know where it is, and 2) they don't know what it is.
>
> Not traditional Unix structure, I know...but for good security I think I
> could handle it.
>
> So my main questions are:
>
> Would anything break (that is known of) if I were to do this?

This is something that gets asked from time to time, and it's a bad idea.
This will break anything that references the passwords of users, happens
to delve into /etc/passwd to get UIDs or GIDs, anything that tries to get
the finger information of users, anything that tries to get the home
directories of users, etc. A good number of processes like to open
/etc/passwd for no really good reason too.

> Where in the source would this change be located? I have combed it over
> looking for reference to 'passwd', but have had no luck, I have both done
> a find and a grep.

That isn't a kernel thing. The kernel doesn't care about /etc/passwd. It
only cares about UIDs and GIDs.

I think what you really want to do is install shadow passwording. That
will remove the crypt()ed password strings from /etc/passwd, while still
letting most things work. I believe altering source of the things that
don't work to go somewhere else, like PAM, for passwords is trivial,
though I've never tried it. If you're running RedHat, I think they have an
RPM to set it up.

--
Good government. Good government. Sit. Stay.
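
Added example, not part of the original message or of any shadow package: a small Python audit of passwd(5)-format text that reports entries whose second field still holds a crypt() string or is empty, and shows that the UID, GID, finger and home lookups the reply lists keep working once that field is only a placeholder. The sample entries, the function names, and the treatment of `x` as the shadow placeholder and of a leading `*` or `!` as a locked account are assumptions of this example.

```python
# Constructed sample in passwd(5) layout: name:passwd:uid:gid:gecos:home:shell
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
alice:AbCdEfGhIjKlM:500:100:Alice Example:/home/alice:/bin/sh
bob::501:100:Bob Example:/home/bob:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/bin/false
carol:x:502:100
"""

def entries(text):
    """Yield (lineno, fields) per account line, skipping blank, comment and NIS +/- lines."""
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.strip() and line[0] not in "+-#":
            yield lineno, line.split(":")

def classify(pw):
    """Describe what the second field of a passwd entry holds."""
    if pw == "x":
        return "shadowed"        # hash has been moved to the root-only shadow file
    if pw == "":
        return "empty"           # account has no password at all
    if pw[0] in "*!":
        return "locked"          # cannot match any crypt() output
    return "hash-exposed"        # crypt() string readable by every local user

def audit(text):
    """Return (lineno, name, problem) for entries that need attention."""
    findings = []
    for lineno, f in entries(text):
        if len(f) != 7:
            findings.append((lineno, f[0], "malformed"))
        elif classify(f[1]) in ("empty", "hash-exposed"):
            findings.append((lineno, f[0], classify(f[1])))
    return findings

def lookup(text, name):
    """Resolve uid, gid, finger (GECOS) info and home without using the password field."""
    for _, f in entries(text):
        if len(f) == 7 and f[0] == name:
            return {"uid": int(f[2]), "gid": int(f[3]), "gecos": f[4], "home": f[5]}
    return None

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
    print(lookup(SAMPLE, "root"))
```

To check a real system, pass the contents of `/etc/passwd` to `audit()` in place of `SAMPLE`.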