Re: permission of shadow file and upgrade the kernel

To: debian-user@lists.debian.org
Subject: Re: permission of shadow file and upgrade the kernel
From: Bob McGowan <bob_mcgowan@symantec.com>
Date: Mon, 09 Apr 2007 17:37:05 -0700
Message-id: <[🔎] 461ADC31.9040803@symantec.com>
In-reply-to: <[🔎] 20070409200448.GA12885@titan>
References: <[🔎] 20070409194723.48697.qmail@web53312.mail.re2.yahoo.com> <[🔎] 20070409200448.GA12885@titan>

Douglas Allan Tutty wrote:

On Mon, Apr 09, 2007 at 12:47:23PM -0700, ann kok wrote:

Hi all

why the permission of the shadow file in debian is
640?


---deleted


1.	What do you think the permissions of shadow should be?  The only
user who needs to read /etc/shadow is root, that is the whole point of
having shadow passwords.


---deleted

Doug.

One might wonder why it isn't just 600, if the only user needing accessis root? The answer may be in the permissions and owner/group:


  -rw-r----- 1 root shadow ....

It would appear there are (or could potentially be) tools that need toonly read the file. Rather than make them set uid to root, which wouldgive them rw permission, they are set gid so they have ro permission,which limits the damage they could potentially do.

Bob

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply to:

Follow-Ups:
- Re: permission of shadow file and upgrade the kernel
  - From: Greg Folkert <greg@gregfolkert.net>

References:
- permission of shadow file and upgrade the kernel
  - From: ann kok <annkok2001@yahoo.com>
- Re: permission of shadow file and upgrade the kernel
  - From: Douglas Allan Tutty <dtutty@porchlight.ca>

Prev by Date: Re: Does Debian 4.0 support WindowsXP partition
Next by Date: Re: permission of shadow file and upgrade the kernel
Previous by thread: Re: permission of shadow file and upgrade the kernel
Next by thread: Re: permission of shadow file and upgrade the kernel
Index(es):
- Date
- Thread