On Tue, 2002-09-24 at 00:04, Steven Young wrote:
> > > Proper permissions:
> > >
> > > ls -la /etc/passwd /etc/shadow
> > > -rw------- 1 root root 9839 Sep 18 23:55 /etc/passwd
> > > -rw------- 1 root root 6487 Sep 18 23:55 /etc/shadow
> >
> > Not exactly right. /etc/passwd *should* be world readable.
> > The point of separation of /etc/passwd and /etc/shadow back
> > in ca. 1990 was to protect password hashes while still
> > letting non-privileged processes use the getpw*() family of
> > functions. Those have lots of legitimate uses.
>
> Ummm, errrr, so what's going on with my /etc/shadow ? Surely I should
> have root write permission for this file?
>
> [mycmdprompt]# ls -la /etc/passwd /etc/shadow
> -rw-r--r-- 1 root root 2450 Sep 4 15:34 /etc/passwd
> -r-------- 1 root root 1539 Sep 4 15:34 /etc/shadow

You don't *need* to have write permission for /etc/shadow, but if you
have it, that won't do any harm. The point is that /etc/passwd should be
world readable and /etc/shadow should *not* be world-readable. The rest
does not matter. Root has read and write access to all files regardless
of their attributes (modulo "chattr +i").

Eugene

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
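
The rule stated in this thread (/etc/passwd world-readable, /etc/shadow not accessible to others, owner write bit irrelevant) can be checked mechanically. The script below is an added example, not part of the original messages; the `audit` function, the `expect_uid` parameter and the check for group/world write bits are assumptions of this example rather than anything the posters wrote.

```python
import os
import stat

NON_OWNER_WRITE = stat.S_IWGRP | stat.S_IWOTH  # added check, not from the thread

# kind -> (bits that must be set, bits that must be clear)
# The owner's write bit is deliberately ignored: root can write either way.
POLICY = {
    "passwd": (stat.S_IROTH, NON_OWNER_WRITE),
    "shadow": (0, stat.S_IRWXO | NON_OWNER_WRITE),
}


def audit(path, kind, expect_uid=0):
    """Return a list of findings for path, judged as 'passwd' or 'shadow'."""
    try:
        st = os.stat(path)  # stat() needs no read permission on the file itself
    except OSError as exc:
        return [f"{path}: cannot stat ({exc.strerror})"]
    mode = stat.S_IMODE(st.st_mode)
    required, forbidden = POLICY[kind]
    findings = []
    if required & ~mode:
        findings.append(
            f"{path}: mode {mode:04o} is missing bits {required & ~mode:04o}")
    if mode & forbidden:
        findings.append(
            f"{path}: mode {mode:04o} has forbidden bits {mode & forbidden:04o}")
    if st.st_uid != expect_uid:
        findings.append(f"{path}: owner uid {st.st_uid}, expected {expect_uid}")
    return findings


if __name__ == "__main__":
    problems = audit("/etc/passwd", "passwd") + audit("/etc/shadow", "shadow")
    for line in problems:
        print(line)
    raise SystemExit(1 if problems else 0)
```

Run against the listings quoted above, the 0600 /etc/passwd from the first message is reported as missing the world-read bit, while both the 0400 and the 0600 /etc/shadow pass.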
