HPE GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- /etc/passwd file security
Operating System - HP-UX
1838682
Members
4768
Online
110128
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-06-2001 02:18 PM
07-06-2001 02:18 PM
Our Data Security people enter the Social Security Number of users in one of the optional fields when entering new users. This is required for identification purposes with the BMC program we use.
Problem: How can I keep others from viewing the /etc/passwd file? Some of the DBA's are very leary about their SSN being viewable by all. This file has to be readable by all if I am correct.
Any ideas will be greatly appreciated.
Points assigned--as always!! Andy
Problem: How can I keep others from viewing the /etc/passwd file? Some of the DBA's are very leary about their SSN being viewable by all. This file has to be readable by all if I am correct.
Any ideas will be greatly appreciated.
Points assigned--as always!! Andy
It is, after all, a matter of survival!!
Solved! Go to Solution.
2 REPLIES 2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-06-2001 02:37 PM
07-06-2001 02:37 PM
Solution
Very bad things will happen if you make /etc/passwd non-world-readible. I suggest putting this somewhere other than /etc/passwd or using something other than SSN's (which you have a legal obligation to keep private).
Brainbench MVP for Unix Administration and Internet Security, SANS Review Editor, and Center for Internet Security HP-UX Benchmark project leader
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-06-2001 06:49 PM
07-06-2001 06:49 PM
Re: /etc/passwd file security
Hmmm.....I don't like where this is going. You can't make the passwd file so it is not readable by everyone. Things won't behave well. Having SSNs in the passwd file is a VERY BAD idea. If you really want to get technical with the law, you CAN NOT use someones SSN for identification purposes. The only thing the SSN can be used for is for it's purpose, Social Security. The law isn't enforced well, but as far as I know that is the law.
Even going to a trusted system won't help you in this case as the password field is the main information that is kept in the /tcb directory. The /etc/passwd still has to be readable by all.
Why does the BMC stuff need an SSN? That seems VERY strange to me. I'd look at assigning an employee id # that is something other than the SSN. At my present employer, the numbers that someone came up with were z######. This number was used for ALL company business. The only thing that need the SSN was the W-4 (I think) form for the IRS.
I'd say you are on very shaky ground with the SSN issue. If someone were dishonest, all they really need is a name and an SSN and they can really cause a person some major problems with their credit rating, and a host of other things.
Something to think about.
Even going to a trusted system won't help you in this case as the password field is the main information that is kept in the /tcb directory. The /etc/passwd still has to be readable by all.
Why does the BMC stuff need an SSN? That seems VERY strange to me. I'd look at assigning an employee id # that is something other than the SSN. At my present employer, the numbers that someone came up with were z######. This number was used for ALL company business. The only thing that need the SSN was the W-4 (I think) form for the IRS.
I'd say you are on very shaky ground with the SSN issue. If someone were dishonest, all they really need is a name and an SSN and they can really cause a person some major problems with their credit rating, and a host of other things.
Something to think about.
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Events and news
Customer resources
© Copyright 2025 Hewlett Packard Enterprise Development LP