I thought that, functionally, /etc/passwd and gorup needed to be 0644 for most applications to function correctly. Things may have changed since the last time I tried it but I seem to remember PAM not being able to find my home directory when I tried to do this once before.
I guess this might not be the case if you put all of your uses in LDAP but then what does it matter that the files are world readable? Thanks, Trevor On Thu, Apr 3, 2014 at 8:26 AM, Jan Lieskovsky <[email protected]> wrote: > > [shared] When checking permissions on /etc/group and /etc/passwd files, > don't require exactly 0644 mode, but allow also systems having > stronger file permissions on these files to meet the tests (IOW make > 0644 mode the minimal safe requirement). > > Please review. > > Thank you && Regards, Jan > -- > Jan iankko Lieskovsky / Red Hat Security Technologies Team > _______________________________________________ > scap-security-guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > > -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 [email protected] -- This account not approved for unencrypted proprietary information --
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
