
Re[2]: [cobalt-security] /etc/shadow



On Tue, 5 Feb 2002 21:22:06 -0500 Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx> wrote:

> On Tuesday 05 February 2002 08:06 pm, M. Dinh wrote:
> > I'm sorry for my stupidity
> > What's wrong if you have /etc/shadow set to
> > -r--------?
> 
> Somebody is up to dirty tricks!!!
> it should be
> -rw-r--r--
> -rw-r--r--   1 root     root         1020 Dec 19 13:36 /etc/passwd

Don't teach people wrong things.  /etc/passwd should be world-readable,
/etc/shadow should not.  /etc/shadow's writability for the owner in fact
does not matter because it is only read and written by root, and root has
read/write access to all files regardless of permission flags.

> Kind of difficult to enter a new user / password if no one can write to
> the file.

Not in this case.

In some distributions, /etc/shadow has permissions 0600, but if it has
0400, there is nothing wrong.  If it is readable to group or world, *this* is
very wrong because it defeats the whole purpose of shadowing the passwords.

Eugene
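
Added example, not part of the original message: a POSIX shell check that applies the rule stated above (shadow file with no group/other bits, so 0400 and 0600 both pass; passwd file world-readable and not group/other-writable). The function names are hypothetical, `stat -c '%a'` assumes GNU or BusyBox stat, and the demo runs on constructed scratch files rather than the real /etc files.

```shell
#!/bin/sh
# Added example: audit file modes using the rule stated in the message above.
# Assumption: stat supports -c '%a' (GNU coreutils or BusyBox).

# check_shadow PATH: pass only if group and other have no permission bits.
# 0600 and 0400 both pass; owner write is irrelevant because root bypasses it.
check_shadow() {
    cs_mode=$(stat -c '%a' "$1") || return 2
    if [ $(( 0$cs_mode & 077 )) -ne 0 ]; then
        echo "FAIL $1 mode $cs_mode: group/other can access the hashes"
        return 1
    fi
    echo "OK   $1 mode $cs_mode"
}

# check_passwd PATH: must be world-readable, must not be group/other-writable.
check_passwd() {
    cp_mode=$(stat -c '%a' "$1") || return 2
    if [ $(( 0$cp_mode & 004 )) -eq 0 ]; then
        echo "FAIL $1 mode $cp_mode: not world-readable"
        return 1
    fi
    if [ $(( 0$cp_mode & 022 )) -ne 0 ]; then
        echo "FAIL $1 mode $cp_mode: writable by group/other"
        return 1
    fi
    echo "OK   $1 mode $cp_mode"
}

# Demo on constructed files in a scratch directory (not the real /etc files).
demo() {
    d=$(mktemp -d) || return 2
    for m in 400 600 640 644; do
        : > "$d/shadow.$m"; chmod "$m" "$d/shadow.$m"
        check_shadow "$d/shadow.$m" || true
    done
    : > "$d/passwd.644"; chmod 644 "$d/passwd.644"
    check_passwd "$d/passwd.644" || true
    rm -rf "$d"
}
demo
```

To audit a live system, call `check_passwd /etc/passwd` and `check_shadow /etc/shadow`; reading the mode with stat does not require read access to the file itself.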