https://community.hpe.com/t5/operating-system-hp-ux/etc-passwd-permission/m-p/4864596#M397309 Errors can result if you make the passwd file permissions 440. <BR /><BR />The biggest issue is that is you make the passwd file permissions 440, then a regular user will see the UID numbers instead of user ids when they do an ls -l.<BR /><BR />Users must be able to read the passwd file in order for ls (and other things) to be able to translate UID numbers to the actual user id names.<BR /><BR /> Thu, 07 Oct 2004 15:14:12 GMT Patrick Wallek 2004-10-07T15:14:12Z https://community.hpe.com/t5/operating-system-hp-ux/etc-passwd-permission/m-p/4864595#M397308 Is there any reason the /etc/passwd file must be 444?<BR /><BR />-r--r--r-- 1 root root 10529 Oct 7 15:00 /etc/passwd<BR /><BR /><BR />can i make it 440 (why would you want the world to be able to read the passwd file?)<BR /><BR />-r--r----- 1 root root 10529 Oct 7 15:04 /etc/passwd Thu, 07 Oct 2004 15:08:28 GMT https://community.hpe.com/t5/operating-system-hp-ux/etc-passwd-permission/m-p/4864595#M397308 James Odak 2004-10-07T15:08:28Z https://community.hpe.com/t5/operating-system-hp-ux/etc-passwd-permission/m-p/4864596#M397309 Errors can result if you make the passwd file permissions 440. <BR /><BR />The biggest issue is that is you make the passwd file permissions 440, then a regular user will see the UID numbers instead of user ids when they do an ls -l.<BR /><BR />Users must be able to read the passwd file in order for ls (and other things) to be able to translate UID numbers to the actual user id names.<BR /><BR /> Thu, 07 Oct 2004 15:14:12 GMT https://community.hpe.com/t5/operating-system-hp-ux/etc-passwd-permission/m-p/4864596#M397309 Patrick Wallek 2004-10-07T15:14:12Z https://community.hpe.com/t5/operating-system-hp-ux/etc-passwd-permission/m-p/4864597#M397310 By the way, if you are concerned about users seeing encrypted passwords in the /etc/passwd file, then you should convert your machine to trusted mode. Thu, 07 Oct 2004 15:15:06 GMT https://community.hpe.com/t5/operating-system-hp-ux/etc-passwd-permission/m-p/4864597#M397310 Patrick Wallek 2004-10-07T15:15:06Z https://community.hpe.com/t5/operating-system-hp-ux/etc-passwd-permission/m-p/4864598#M397311 Or, if you don't want trusted - install Shadow Password:<BR /><BR /><A href="http://www.software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=ShadowPassword" target="_blank">http://www.software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=ShadowPassword</A><BR /><BR />Rgds...Geoff Thu, 07 Oct 2004 15:18:13 GMT https://community.hpe.com/t5/operating-system-hp-ux/etc-passwd-permission/m-p/4864598#M397311 Geoff Wild 2004-10-07T15:18:13Z https://community.hpe.com/t5/operating-system-hp-ux/etc-passwd-permission/m-p/4864599#M397312 Hi,<BR /><BR />One of the things that will break when /etc/passwd is set to 440 permissions is the 'whoami' command, which will return 'Intruder alert.' when issued.<BR /><BR />It's kind of fun to change those permissions on a slow day and listen to our Oracle DBAs get excited when they login to a box and see that message. :)<BR /><BR />JP<BR /> Thu, 07 Oct 2004 15:26:34 GMT https://community.hpe.com/t5/operating-system-hp-ux/etc-passwd-permission/m-p/4864599#M397312 John Poff 2004-10-07T15:26:34Z https://community.hpe.com/t5/operating-system-hp-ux/etc-passwd-permission/m-p/4864600#M397313 440 will not allow users to use a number of commands like ls -l or ll. Every time you list a directory to show ownership, the passwd file must be read to decode the UID into a name. The passwd file must always be readable. The encrypted password cannot be decrypted but can be guessed which is the reason to enable Trusted System or use the new (11.11 only) Shadow Password feature. Thu, 07 Oct 2004 15:27:32 GMT https://community.hpe.com/t5/operating-system-hp-ux/etc-passwd-permission/m-p/4864600#M397313 Bill Hassell 2004-10-07T15:27:32Z https://community.hpe.com/t5/operating-system-hp-ux/etc-passwd-permission/m-p/4864601#M397314 Thanks Wed, 12 Jan 2005 16:32:13 GMT https://community.hpe.com/t5/operating-system-hp-ux/etc-passwd-permission/m-p/4864601#M397314 James Odak 2005-01-12T16:32:13Z