why can’t we protect the password file so that only the system can read it?


can’t we design an OS in such a way that it doesn’t allow anyone(not even root) to read the passwords file?. Then there will be no need for encrypting the passwords. Why can’t we hard-code a computer to hide it’s password file?

I was reading Cuckoo’s egg by Clifford Stoll on page 32, I didn’t understand why encrypting passwords is necessary why can’t we program the computer so that it ‘hides’ the password file from all users?

here is the excerpt:

When your computer has fifty or a hundred users, you might just store each person’s password in a file. When the user tries to log on, ask for her password and compare that to what’s in your file. In a friendly environment, no problem. But how do you keep someone from sneaking a peek at that password file? Well, protect the password file so that only the system can read it. Even if you protect the password file, every now and then all the files will be copied onto backup tapes. Even a novice programmer could read those tapes on another computer and list the contents of the password file. File protection alone isn’t enough. In 1975, Bob Morris and Fred Grampp of Bell Laboratories developed a way to protect passwords, even when files weren’t secure. They would rely on encryption, rather than file protection.