Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
The shadow file is specifically designed to be read ONLY by root. The point in this file is to prevent people from seeing your encrypted passwords because there are commands like "crack" than can figure out many passwords from their encrypted values. Prior to introduction of the shadow file the encrypted passwords were stored in /etc/passwd and if they weren't properly formed were very easy to break.
Why do you want to make this file 640? Perhaps there's another way to accomplish your purpose that doesn't break intrinsic security of the system.
My default SuSE installation created the /etc/shadow file as 640 with root:shadow ownership.
It is possible that a Linux hardening technique has made the file 600. Do you have a cron job that runs chkstat? If so you can look at the /etc/permissions, /etc/permissions.local files and the files in /etc/permissions.d if you have these files and directories. These are part of the SuSE configuration. I don't know about other distributions. (I haven't looked into this on Debian yet even though I listed Debian as one of my distros.)
This may have something to do with PAM. I don't know because I have a lot to learn about PAM. See if you can check the PAM configuration files. Look for things to do with the Apache user account or the Apache authorization process. Look at the Red Hat web site for more information about how Red Hat has set up the PAM configuration. Good luck.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.