FEDORA-2010-6290 -- Fedora 13 mod_auth_shadow-2.2-8.fc13ID: oval:org.secpod.oval:def:100169 | Date: (C)2011-11-16 (M)2021-09-30 |
Class: PATCH | Family: unix |
When performing this task one encounters one fundamental difficulty: The /etc/shadow file is supposed to be read/writeable only by root. However, the webserver is supposed to run under a non-root user, such as "nobody". mod_auth_shadow addresses this difficulty by opening a pipe to an suid root program, validate, which does the actual validation. When there is a failure, validate writes an error message to the system log, and waits three seconds before exiting.