2 files changed, 7 insertions, 11 deletions

diff --git a/usr/src/cmd/passwd/passwd.c b/usr/src/cmd/passwd/passwd.c
index e155f357f1..851de6f237 100644
--- a/usr/src/cmd/passwd/passwd.c
+++ b/usr/src/cmd/passwd/passwd.c
@@ -1066,14 +1066,6 @@ ckarg(int argc, char **argv, attrlist **attributes)
 			if (repository.type == NULL)
 				repository = __REPFILES;
 
-			/*
-			 * Only privileged process can execute this
-			 * for FILES
-			 */
-			if (IS_FILES(repository) && (ckuid() != SUCCESS)) {
-				retval = NOPERM;
-				return (FAIL);
-			}
 			if (flag & (EFLAG|SAFLAG|AGEFLAG)) {
 				retval = BADOPT;
 				return (FAIL);
diff --git a/usr/src/man/man1/passwd.1 b/usr/src/man/man1/passwd.1
index d7735ddf0f..c58f6e592b 100644
--- a/usr/src/man/man1/passwd.1
+++ b/usr/src/man/man1/passwd.1
@@ -439,9 +439,7 @@ returned by \fBdomainname\fR(1M).
 .ad
 .RS 17n
 .rt  
-Changes the login shell. For the \fBfiles\fR repository, this only works for
-the superuser. Normal users can change the \fBldap\fR, \fBnis\fR, or
-\fBnisplus\fR repositories. The choice of shell is limited by the requirements
+Changes the login shell. The choice of shell is limited by the requirements
 of \fBgetusershell\fR(3C). If the user currently has a shell that is not
 allowed by \fBgetusershell\fR, only root can change it.
 .RE
@@ -1200,6 +1198,12 @@ Changing a password reactivates an account deactivated for inactivity for the
 length of the inactivity period.
 .sp
 .LP
+If \fB/etc/shells\fR is present, and is corrupted, it may provide an attack
+vector that would compromise the system.  The \fBgetusershell\fR(3c) library
+call has a pre-vetted list of shells, so /etc/shells should be used with
+caution.
+.sp
+.LP
 Input terminal processing might interpret some key sequences and not pass them
 to the \fBpasswd\fR command.
 .sp