[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] /etc/shadow
- Subject: RE: [cobalt-security] /etc/shadow
- From: Graeme Fowler <graeme.fowler@xxxxxxxxxxxxxx>
- Date: Wed, 6 Feb 2002 08:24:28 -0000
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
M. Dinh wrote:
> I'm sorry for my stupidity
> What's wrong if you have /etc/shadow set to
> -r--------?
Erm, nothing...
The entire point of /etc/shadow is that the crypted or MD5 passwords are
copied out from /etc/passwd (old-fashioned, world readable) to /etc/shadow
(root readable only) so that nefarious users can't copy the entire contents
of your password file and then attempt to brute-force it through a
dictionary checker.
I'd be much, much more worried if it's world readable since then any user
can view the content.
Graeme
--
Graeme Fowler
System Administrator
Host Europe Group PLC