
/etc/passwd permission

 
James Odak
Valued Contributor

/etc/passwd permission

Is there any reason the /etc/passwd file must be 444?

-r--r--r-- 1 root root 10529 Oct 7 15:00 /etc/passwd


Can I make it 440? (Why would you want the world to be able to read the passwd file?)

-r--r----- 1 root root 10529 Oct 7 15:04 /etc/passwd
Patrick Wallek
Honored Contributor
Solution

Re: /etc/passwd permission

Errors can result if you make the passwd file permissions 440.

The biggest issue is that if you make the passwd file permissions 440, then a regular user will see the UID numbers instead of user ids when they do an ls -l.

Users must be able to read the passwd file in order for ls (and other things) to be able to translate UID numbers to the actual user id names.

Patrick Wallek
Honored Contributor

Re: /etc/passwd permission

By the way, if you are concerned about users seeing encrypted passwords in the /etc/passwd file, then you should convert your machine to trusted mode.
Geoff Wild
Honored Contributor

Re: /etc/passwd permission

Or, if you don't want trusted - install Shadow Password:

http://www.software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=ShadowPassword

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
John Poff
Honored Contributor

Re: /etc/passwd permission

Hi,

One of the things that will break when /etc/passwd is set to 440 permissions is the 'whoami' command, which will return 'Intruder alert.' when issued.

It's kind of fun to change those permissions on a slow day and listen to our Oracle DBAs get excited when they login to a box and see that message. :)

JP
Bill Hassell
Honored Contributor

Re: /etc/passwd permission

440 will not allow users to use a number of commands like ls -l or ll. Every time you list a directory to show ownership, the passwd file must be read to decode the UID into a name. The passwd file must always be readable. The encrypted password cannot be decrypted but can be guessed, which is the reason to enable Trusted System or use the new (11.11 only) Shadow Password feature.


Bill Hassell, sysadmin
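
An added example, not part of any reply in this thread: a POSIX shell audit for the two conditions the replies describe, namely that the passwd file stays world-readable so UID-to-name lookups work, and that no entry still carries a guessable password hash in its second field. The function names, the placeholder conventions treated as "no hash here" ("x", or a leading "*" or "!") and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Succeeds if "other" has read permission: the 8th character of the ls mode
# string. Parsing ls avoids stat(1), whose options differ between systems.
is_world_readable() {
    [ "$(ls -ld "$1" | cut -c8)" = "r" ]
}

# Prints accounts whose password field holds a real hash. "x" (shadowed) and
# values starting with "*" or "!" are treated as placeholders (assumption).
exposed_hash_accounts() {
    awk -F: '$2 != "" && $2 != "x" && $2 !~ /^[*!]/ { print $1 }' "$1"
}

# Prints accounts with an empty password field (no password required).
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Writes a constructed sample file; the hash below is made up, not a real one.
make_sample() {
    cat > "$1" <<'EOF'
root:x:0:3::/:/sbin/sh
dba:AbCdEfGhIjKlM:101:20:constructed hash:/home/dba:/usr/bin/sh
guest::102:20::/home/guest:/usr/bin/sh
locked:*:103:20::/home/locked:/usr/bin/false
EOF
}

SAMPLE="${TMPDIR:-/tmp}/passwd.sample.$$"
make_sample "$SAMPLE"
chmod 444 "$SAMPLE"
if is_world_readable "$SAMPLE"; then
    echo "mode ok: world-readable, name lookups will work"
else
    echo "mode problem: not world-readable, ls -l will show numeric UIDs"
fi
echo "hash still in passwd file: $(exposed_hash_accounts "$SAMPLE")"
echo "empty password field:      $(empty_password_accounts "$SAMPLE")"
rm -f "$SAMPLE"
```

Point the three functions at a copy of the real file to audit a system; any account listed by `exposed_hash_accounts` is the case the Trusted System and Shadow Password suggestions above address.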
James Odak
Valued Contributor

Re: /etc/passwd permission

Thanks