Subject: Re: chflags script?
To: Michael Richardson <>
From: Dr. Lex Wennmacher <wennmach@geo.Uni-Koeln.DE>
List: tech-security
Date: 08/15/1999 23:24:23
On Sat, Aug 14, 1999 at 02:14:10PM -0400, Michael Richardson wrote:
> [...]
>   Are the problems in that /etc/passwd isn't protected, or is protected and
> thus things like passwd don't work?

The latter, unless you reset the sappnd flag on the /etc directory.
Generally, you want to have the sappnd flag set on /etc, so that it
becomes impossible to remove or rename /etc. (Directories with the
sappnd flag set may not be removed nor renamed, nor may files in them
be deleted, however new files may be created). passwd(1) generates
temporary files in /etc, which can't be removed anymore.

Here is what happens if you have the sappnd flag set on /etc:

hal:~ >passwd
Changing local password for wennmach.
Old password:
New password:
Retype new password:
pwd_mkdb: //etc/pwd.db.tmp to //etc/pwd.db: Operation not permitted
pwd_mkdb: unlink(//etc/spwd.db.tmp): Operation not permitted
pwd_mkdb: unlink(//etc/pwd.db.tmp): Operation not permitted
passwd: /etc/master.passwd: unchanged

(taking hal to single user now to reset sappnd on /etc ;-( )

-- Lex