HPE Community
Operating System - HP-UX
1753838 Members
8673 Online
108806 Solutions
New Discussion юеВ

Re: Permissions and owners of passwd and group

 
SOLVED
Go to solution
Kerry Swemmer
Occasional Contributor

тАО10-12-2005 02:54 AM

тАО10-12-2005 02:54 AM

Permissions and owners of passwd and group

Hi All,

Our Tivoli monitor is complaining that the permissions and owners of our /etc/passwd and group files are wrong, as below. Does anybody know why they would complain about these settings? What would the recommended settings be? If they are meant to stay as is, what is the argument in favour of the current settings?

Tivoli says:-
The file /etc/group has the illegal group bin as its owner.
The file /etc/passwd has the wrong file mode, -r--r--r--.
The user bin should not own the security-sensitive file /etc/group.

The settings are:-
-r--r--r-- 1 root other 1799 Sep 26 13:30 passwd
-r--r--r-- 1 bin bin 352 Jul 29 17:32 group

All comments are welcome.

Thanx,
Kerry.
0 Kudos
Reply
3 REPLIES 3
Jeff Schussele
Honored Contributor

тАО10-12-2005 02:55 AM

тАО10-12-2005 02:55 AM

Re: Permissions and owners of passwd and group

Hi Kerry,

Should be:

group 444 bin/bin
passwd 444 root/root

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
Mel Burslan
Honored Contributor

тАО10-12-2005 02:58 AM

тАО10-12-2005 02:58 AM

Re: Permissions and owners of passwd and group

mine are 444 and root:sys

As long as it belongs to a restricted access group, and root ownership, you should be okay with 444 permissions
________________________________
UNIX because I majored in cryptology...
0 Kudos
Reply
Alex Lavrov.
Honored Contributor

тАО10-12-2005 03:00 AM

тАО10-12-2005 03:00 AM

Solution

Re: Permissions and owners of passwd and group

I used Tivoli and I'm familiar with this issue. The permissions must be like it was said above me, and just ignore Tivoli mesasges, because they are wrong.

Contact IBM support about it, maybe they have patches for it.

Alex.
I don't give a damn for a man that can only spell a word one way. (M. Twain)
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.