Hi
root user creates a user using the useradd command. This command creates an entry in the /etc/passwd file. /etc/passwd file has rw permission for the root user. Now, if I happen to remove the w permission for the root user, useradd command still is successfully creating entry in the /etc/passwd file. I understand there is nothing related to suid here.
Please advice how this works?
simply put, root gets to break the rules.
/etc/passwd should have permissions 444 .
The "passwd" command has SUID permissions as root which is how users can update their password.
As long as it's not asking for something physically impossible, root can do it.
# as root
$ touch /tmp/asdf
$ chmod 000 /tmp/asdf
$ echo asdf > /tmp/asdf
$ cat /tmp/asdf
asdf
$ ls -l /tmp/asdf
---------- 1 root root 5 Jan 25 14:16 /tmp/asdf
$