mirror of
https://github.com/shadow-maint/shadow.git
synced 2026-01-26 05:57:53 +00:00
d012c2ba68
The PAM support was only enabled with configure option --enable-account-tools-setuid. The other account tools would use PAM then to verify that the user is granted elevated permissions for actions which normally only root can do. In chage, however, any non-root user who does not specify the -l command line option is denied access in check_perms. The check for being root or not is done with getuid, so non-root users cannot change user account's aging information in any possible way since more than 18 years by now. It's safe to say that nobody misses this non-existing feature. Biggest benefit is to get chage out of the ACCT_TOOLS_SETUID group of tools. Reviewed-by: Alejandro Colomar <alx@kernel.org> Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>