LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 09-12-2005, 10:45 AM   #1
stomach
Member
 
Registered: Sep 2005
Distribution: Debian
Posts: 194

Rep: Reputation: 30
chmod 644 /etc/shadow


Necessary to leave the archive /etc/shadow with permission 644.
chmod 644 /etc/shadow All OK.

But when dumb the password of an user the permissions move automatiamente for 600!

How to decide this?
 
Old 09-12-2005, 11:45 AM   #2
stomach
Member
 
Registered: Sep 2005
Distribution: Debian
Posts: 194

Original Poster
Rep: Reputation: 30
root@firewall /etc# chown root:shadow-readers shadow
root@firewall /etc# ls -la
-rw-r----- 1 root shadow-readers 1262 Sep 12 13:20 shadow

He is perfect thus!

But when I modify the password of an user:

root@firewall /etc# passwd cesar
Changing password for user cesar.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

root@firewall /etc# ls -la
-rw------- 1 root root 1262 Sep 12 13:42 shadow

It comes back the permissions
When I modify the password of a using return these permissions.
Somebody knows as to decide this?

thankz
 
Old 09-12-2005, 11:49 AM   #3
freakyg
Member
 
Registered: Apr 2005
Distribution: LFS 5.0 and 6.1
Posts: 705

Rep: Reputation: 30
letting users read /etc/shadow is bad security.......
someone can hack your box and use it to send out spam/porn etc........
 
Old 09-12-2005, 11:55 AM   #4
stomach
Member
 
Registered: Sep 2005
Distribution: Debian
Posts: 194

Original Poster
Rep: Reputation: 30
The server, necessary is very safe to make this to function one modulates PAM AUTH, of the apache.
 
Old 09-12-2005, 11:57 AM   #5
stomach
Member
 
Registered: Sep 2005
Distribution: Debian
Posts: 194

Original Poster
Rep: Reputation: 30
chmod is 640. only for the group shadow-readers, that 1 software goes to use
 
Old 09-12-2005, 01:47 PM   #6
stomach
Member
 
Registered: Sep 2005
Distribution: Debian
Posts: 194

Original Poster
Rep: Reputation: 30
it will be that he is bug of kernel?

Somebody can help me please
 
Old 09-12-2005, 03:39 PM   #7
stomach
Member
 
Registered: Sep 2005
Distribution: Debian
Posts: 194

Original Poster
Rep: Reputation: 30
help please
 
Old 09-12-2005, 03:44 PM   #8
stomach
Member
 
Registered: Sep 2005
Distribution: Debian
Posts: 194

Original Poster
Rep: Reputation: 30
http://pam.sourceforge.net/mod_auth_pam/shadow.html

1)
root@firewall /etc# chmod 640 shadow
root@firewall /etc# chown root:shadow-readers shadow
root@firewall /etc# ls -la
-rw-r----- 1 root shadow-readers 1262 Sep 12 13:20 shadow

He is perfect thus!!!

2)
root@firewall /etc# passwd cesar
Changing password for user cesar.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

###############################################################
root@firewall /etc# ls -la
-rw------- 1 root root 1262 Sep 12 13:42 shadow
????????????????????????????
?????

It comes back the permissions
When I modify the password of a using return these permissions.
Somebody knows as to decide this?
 
Old 09-12-2005, 03:56 PM   #9
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,377

Rep: Reputation: 1108Reputation: 1108Reputation: 1108Reputation: 1108Reputation: 1108Reputation: 1108Reputation: 1108Reputation: 1108Reputation: 1108
As far as I know, /etc/shadow should be readable by no one but root. Your system may vary.

So it looks like:
-rwx------ root root shadow

This is the folder where the "real" passwords are kept. When Linux needs to look up something, it can magically get the access that it needs. But no one else can.

You should not make the shadow directory "world-readable." Even though the passwords inside are scrambled, there is no good reason to allow anyone to even see them.
 
Old 09-12-2005, 05:21 PM   #10
stomach
Member
 
Registered: Sep 2005
Distribution: Debian
Posts: 194

Original Poster
Rep: Reputation: 30
Debtor for its reply. Friend my English is half bad, I followed passes of this site, http://pam.sourceforge.net/mod_auth_pam/.

He does not have as to make this?
Everything was functioning perfectly, but when dumb the password happens this problem.

You can show an example for commands, you are more easy I to understand.

I promise that I go to learn fast the English.

Very thankz!
 
Old 09-12-2005, 06:09 PM   #11
tkedwards
Senior Member
 
Registered: Aug 2004
Location: Munich, Germany
Distribution: Opensuse 11.2
Posts: 1,549

Rep: Reputation: 51
Quote:
it will be that he is bug of kernel?
Its definately not a bug of the kernel or anything else - the system is trying to stop you doing something which could be very bad. Are you running Mandrake/Mandriva? Is so disable msec or set the security level to something really permissive. Are you running a Redhat distro that has SELinux enabled? I'm sorry I can't be more help but these are the things you should be looking for - programs designed to secure your distro which may be getting in your way.
 
Old 09-12-2005, 06:13 PM   #12
stomach
Member
 
Registered: Sep 2005
Distribution: Debian
Posts: 194

Original Poster
Rep: Reputation: 30
I am using distro TSL.
Based in Red Hat 8.
 
Old 09-12-2005, 06:23 PM   #13
stomach
Member
 
Registered: Sep 2005
Distribution: Debian
Posts: 194

Original Poster
Rep: Reputation: 30
I know that the system is making for protection, but necessary of this, it does not have problem some...
A software only goes to use this group, nothing goes to compremeter the security.

Necessary of this, to decide my problem, Before an archive (Unsafe between quotations marks) but functioning of that something safe that it does not function.
 
Old 09-12-2005, 06:26 PM   #14
stomach
Member
 
Registered: Sep 2005
Distribution: Debian
Posts: 194

Original Poster
Rep: Reputation: 30
It will be that a way does not exist to decide this?

The same software we use in the OpenBSD, and functions normally.

With linux this is happening
 
Old 09-12-2005, 08:03 PM   #15
tkedwards
Senior Member
 
Registered: Aug 2004
Location: Munich, Germany
Distribution: Opensuse 11.2
Posts: 1,549

Rep: Reputation: 51
I tried it on my Centos 4.1 (based on RHEL4) here at work and its fine. Its not a problem with Linux but just with whatever specific distro or setup you've got.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Will this command work? chmod -R 644 *.php abefroman Programming 3 10-22-2005 08:26 AM
What can we do if we type chmod ugo-x /bin/chmod ?????? bunny123 Linux - Software 3 02-01-2005 08:53 PM
/etc/shadow- (notice the dash after the word shadow) shellcode Linux - Security 1 09-03-2004 04:54 AM
CHMOD in shell : chmod 777 /usr/ <---is that right? cpanelskindepot Programming 5 07-16-2004 05:37 AM
Apache and php + chmod 644 daveo Linux - General 2 10-10-2003 08:33 AM


All times are GMT -5. The time now is 08:31 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration