Douglas Allan Tutty wrote:
On Mon, Apr 09, 2007 at 12:47:23PM -0700, ann kok wrote:
Hi all
why the permission of the shadow file in debian is 640?
---deleted
1. What do you think the permissions of shadow should be? The only user who needs to read /etc/shadow is root, that is the whole point of having shadow passwords.
---deleted
Doug.
One might wonder why it isn't just 600, if the only user needing access is root? The answer may be in the permissions and owner/group:
-rw-r----- 1 root shadow ....
It would appear there are (or could potentially be) tools that need to only read the file. Rather than make them set uid to root, which would give them rw permission, they are set gid so they have ro permission, which limits the damage they could potentially do.
Bob
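
An added example, not part of the original thread: a Python check of the arrangement Bob describes, which flags a shadow file that grants more than owner read/write plus group read, and lists the programs that are setgid to the shadow group. The function names and the directories scanned are assumptions made for this example; the group name `shadow` is taken from the listing above.

```python
import grp, os, pwd, stat

def assess(mode, owner, group):
    """Findings for a shadow file with this st_mode, owner name and group name."""
    findings = []
    if owner != "root":
        findings.append(f"owner is {owner}, expected root")
    if mode & stat.S_IRWXO:
        findings.append("accessible to users outside owner and group")
    if mode & (stat.S_IWGRP | stat.S_IXGRP):
        findings.append(f"group {group} has more than read access")
    if mode & stat.S_IRGRP and group not in ("root", "shadow"):
        findings.append(f"readable by unexpected group {group}")
    return findings

def is_setgid_reader(mode, group):
    """True for a regular file that runs with the shadow group's read-only access."""
    return stat.S_ISREG(mode) and bool(mode & stat.S_ISGID) and group == "shadow"

def _name(lookup, ident, field):
    try:
        return getattr(lookup(ident), field)
    except KeyError:  # numeric id with no passwd/group entry
        return str(ident)

def audit(shadow="/etc/shadow", bindirs=("/usr/bin", "/usr/sbin", "/bin", "/sbin")):
    """Return (findings for the shadow file, paths of setgid-shadow programs)."""
    st = os.stat(shadow)
    findings = assess(st.st_mode,
                      _name(pwd.getpwuid, st.st_uid, "pw_name"),
                      _name(grp.getgrgid, st.st_gid, "gr_name"))
    readers = []
    # realpath collapses merged-/usr layouts where /bin is a symlink to /usr/bin
    for d in sorted({os.path.realpath(d) for d in bindirs}):
        if not os.path.isdir(d):
            continue
        for entry in os.scandir(d):
            est = entry.stat(follow_symlinks=False)
            if is_setgid_reader(est.st_mode, _name(grp.getgrgid, est.st_gid, "gr_name")):
                readers.append(entry.path)
    return findings, sorted(readers)

if __name__ == "__main__":
    problems, programs = audit()
    print("shadow file:", problems or "ok")
    print("setgid shadow programs:", programs or "none found")
```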