More PATH fallout. Who decided this was a good idea?

Enrico Scholz enrico.scholz at
Sun Dec 7 16:31:54 UTC 2008

Steve Grubb <sgrubb at> writes:

> 5) We must audit changes to trusted databases
> To accomplish this, we instrument the shadow-utils code. This lets
> us see who modified any account and which account and how it was
> modified. You can find these in your audit logs ny looking for
> ausearch --start this-month -m ADD_USER

# vipw

# ausearch --start this-month -m ADD_USER


$ ldapadd
dn: uid=foo,...

# ausearch --start this-month -m ADD_USER

Both 'vipw' and 'ldapadd' are official and documented tools to manage
user database.

> The utilities that would allow you to modify it cannot be accessed
> unless you are root.

Sounds like "when the algorithm is hidden, the crypto mechanism is


More information about the fedora-devel-list mailing list