Re: permission of shadow file and upgrade the kernel
On Tue, Apr 10, 2007 at 05:52:19AM -0700, ann kok wrote:
> --- Douglas Allan Tutty <dtutty@porchlight.ca> wrote:
> > On Mon, Apr 09, 2007 at 12:47:23PM -0700, ann kok
> > wrote:
> > >
> > > why the permission of the shadow file in debian is
> > > 640?
> > > and
> > > how can I upgrade the kernel?
> > > eg: 686 kernel
> >
> > 1. What do you think the permissions of shadow
> > should be? The only
> > user who needs to read /etc/shadow is root, that is
> > the whole point of
> > having shadow passwords.
> >
> > 2. Assuming you're running etch, just install the
> > linux-image meta
> > package for your arch, it will always depend on the
> > most recent version.
> >
> But I saw most of linux are using 600
> why is debian using 640?
>
> for the upgrade, could you give me more information?
> eg: steps to upgrade
>
Re shadow:
I think the best answer you've already received is that scripts that
need to read shadow only (no write) don't need to run UID root but only
GID root. It then makes more sense (more secure) to give shadow
group-root read permissions.
Re the kernel. Need more information. At what state is your box
currently and to what state would you like it? Are you currenly running
sarge and want to upgrade to etch? What kernel are you currently
running?
Have you read the Etch release notes?
For each flavour of kernel, there exists what is called a meta-package
who's job it is to depend on the most recent version of that flavour.
As new versions become available, the kernel will show up as an
upgradeable package in aptitude. Of course, kernel upgrades are the
ones to be most careful with.
Doug.
Reply to: