The cisecurity guide is wrong. While there is info that could be
leveraged, on a modern system the really sensitive information is
split out into /etc/shadow (which very much should be only readable by
root). The reality is that on a modern system /etc/passwd needs to be
world readable (it is the local user db) for several applications that
users can and do use (e.g. ls being able to display who owns a file).

If /etc/passwd is world readable, there is no point in changing the
permissions on the backup file.

If you don't want /etc/passwd to be available to all applications/users,
you can use a MAC system to further restrict access to /etc/passwd and
its backup file.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1923262

Title:
  backup /etc/passwd- file should be mode 0600
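
The comment above rests on the password hashes living in /etc/shadow rather than in /etc/passwd or its backup, which can be checked per host. The script below is an added example, not part of the original message or of the shadow package; the function names are hypothetical, and reading a 0600 backup file requires root.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the shadow package.

# List accounts in a passwd-format file whose password field (field 2) is not
# a shadow placeholder. "x" means the hash lives in /etc/shadow; a field made
# only of "*" or "!" means no usable password. Anything else is a hash
# (including a locked "!<hash>") or an empty field.
unshadowed_accounts() {
    awk -F: '
        /^[#+-]/ || NF != 7 { next }   # comments, NIS compat lines, malformed
        $2 == "x" || $2 ~ /^[*!]+$/ { next }
        $2 == ""  { print $1, "empty"; next }
        { print $1, "hash" }
    ' "$1"
}

# True when the "other" read bit is set on the file (mode bits only).
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

audit() {
    for f in /etc/passwd /etc/passwd-; do
        [ -e "$f" ] || continue
        bad=$(unshadowed_accounts "$f" | tr '\n' ';')
        if [ -n "$bad" ]; then
            echo "FAIL $f: field 2 not shadowed: $bad"
        else
            echo "ok   $f: no hashes present"
        fi
    done
    for f in /etc/shadow /etc/shadow-; do
        [ -e "$f" ] || continue
        if world_readable "$f"; then
            echo "FAIL $f: world readable"
        else
            echo "ok   $f: not world readable"
        fi
    done
}

# Run against the live files only when asked: sh check.sh audit
if [ "${1:-}" = "audit" ]; then audit; fi
```

A FAIL on /etc/passwd or /etc/passwd- is the case in which the mode of the backup file would matter; with every entry shadowed, the files list only account names, IDs, home directories and shells.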
