[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] /etc/shadow

Subject: RE: [cobalt-security] /etc/shadow
From: Graeme Fowler <graeme.fowler@xxxxxxxxxxxxxx>
Date: Wed, 6 Feb 2002 08:24:28 -0000
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

M. Dinh wrote:
> I'm sorry for my stupidity
> What's wrong if you have /etc/shadow set to 
> -r--------?

Erm, nothing...

The entire point of /etc/shadow is that the crypted or MD5 passwords are
copied out from /etc/passwd (old-fashioned, world readable) to /etc/shadow
(root readable only) so that nefarious users can't copy the entire contents
of your password file and then attempt to brute-force it through a
dictionary checker.

I'd be much, much more worried if it's world readable since then any user
can view the content.

Graeme
-- 
Graeme Fowler
System Administrator
Host Europe Group PLC

Prev by Date: [cobalt-security] /etc/shadow
Next by Date: Re: [cobalt-security] /etc/shadow
Previous by thread: Re: [cobalt-security] /etc/shadow
Next by thread: [cobalt-security] a root web must first be enabled in the sitesettings?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index