LinuxQuestions.org


stomach 09-12-2005 10:45 AM

chmod 644 /etc/shadow
 
Necessary to leave the archive /etc/shadow with permission 644.
chmod 644 /etc/shadow All OK.

But when dumb the password of a user the permissions move automatically for 600!

How to decide this?

stomach 09-12-2005 11:45 AM

root@firewall /etc# chown root:shadow-readers shadow
root@firewall /etc# ls -la
-rw-r----- 1 root shadow-readers 1262 Sep 12 13:20 shadow

He is perfect thus!

But when I modify the password of a user:

root@firewall /etc# passwd cesar
Changing password for user cesar.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

root@firewall /etc# ls -la
-rw------- 1 root root 1262 Sep 12 13:42 shadow

It comes back the permissions :(
When I modify the password of a using return these permissions.
Somebody knows as to decide this?

thankz

freakyg 09-12-2005 11:49 AM

letting users read /etc/shadow is bad security.......
someone can hack your box and use it to send out spam/porn etc........

stomach 09-12-2005 11:55 AM

The server, necessary is very safe to make this to function one modulates PAM AUTH, of the apache.

stomach 09-12-2005 11:57 AM

chmod is 640. only for the group shadow-readers, that 1 software goes to use

stomach 09-12-2005 01:47 PM

it will be that he is bug of kernel?

Somebody can help me please

stomach 09-12-2005 03:39 PM

:( :scratch: help please

stomach 09-12-2005 03:44 PM

http://pam.sourceforge.net/mod_auth_pam/shadow.html

1)
root@firewall /etc# chmod 640 shadow
root@firewall /etc# chown root:shadow-readers shadow
root@firewall /etc# ls -la
-rw-r----- 1 root shadow-readers 1262 Sep 12 13:20 shadow

He is perfect thus!!!

2)
root@firewall /etc# passwd cesar
Changing password for user cesar.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

###############################################################
root@firewall /etc# ls -la
-rw------- 1 root root 1262 Sep 12 13:42 shadow
????????????????????????????
?????

It comes back the permissions
When I modify the password of a using return these permissions.
Somebody knows as to decide this?

sundialsvcs 09-12-2005 03:56 PM

As far as I know, /etc/shadow should be readable by no one but root. Your system may vary.

So it looks like:
-rwx------ root root shadow

This is the folder where the "real" passwords are kept. When Linux needs to look up something, it can magically get the access that it needs. But no one else can.

You should not make the shadow directory "world-readable." Even though the passwords inside are scrambled, there is no good reason to allow anyone to even see them.

stomach 09-12-2005 05:21 PM

Debtor for its reply. Friend my English is half bad, I followed passes of this site, http://pam.sourceforge.net/mod_auth_pam/.

He does not have as to make this?
Everything was functioning perfectly, but when dumb the password happens this problem.

You can show an example for commands, you are more easy I to understand.

I promise that I go to learn fast the English.

Very thankz!

tkedwards 09-12-2005 06:09 PM

Quote:

it will be that he is bug of kernel?
It's definitely not a bug of the kernel or anything else - the system is trying to stop you doing something which could be very bad. Are you running Mandrake/Mandriva? If so, disable msec or set the security level to something really permissive. Are you running a Redhat distro that has SELinux enabled? I'm sorry I can't be more help but these are the things you should be looking for - programs designed to secure your distro which may be getting in your way.

stomach 09-12-2005 06:13 PM

I am using distro TSL.
Based in Red Hat 8.

stomach 09-12-2005 06:23 PM

I know that the system is making for protection, but necessary of this, it does not have problem some...
A software only goes to use this group, nothing goes to compromise the security.

Necessary of this, to decide my problem, Before an archive (Unsafe between quotations marks) but functioning of that something safe that it does not function.

stomach 09-12-2005 06:26 PM

It will be that a way does not exist to decide this?

The same software we use in the OpenBSD, and functions normally.

With linux this is happening

tkedwards 09-12-2005 08:03 PM

I tried it on my Centos 4.1 (based on RHEL4) here at work and it's fine. It's not a problem with Linux but just with whatever specific distro or setup you've got.
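
An added example, not part of any post in this thread: a diagnostic for the behaviour reported above. It tells apart a file that was replaced by a newly written copy (new inode) from one whose mode or owner was changed in place (same inode), which narrows down whether the program rewriting the file or a separate security tool is resetting the permissions. The function names and the constructed sample file are assumptions; it relies on GNU `stat -c` and never touches the real /etc/shadow.

```shell
#!/bin/sh
# snapshot FILE -> "inode mode owner:group" (GNU coreutils stat)
snapshot() {
    stat -c '%i %a %U:%G' "$1"
}

# classify BEFORE AFTER -> unchanged | replaced | changed-in-place
classify() {
    before=$1
    after=$2
    if [ "$before" = "$after" ]; then
        echo unchanged
    elif [ "${before%% *}" != "${after%% *}" ]; then
        echo replaced            # new inode: a new file was renamed over the old one
    else
        echo changed-in-place    # same inode: chmod/chown ran on the existing file
    fi
}

# world_readable SNAPSHOT -> success if the "other" read bit is set (e.g. 644)
world_readable() {
    mode=$(echo "$1" | cut -d' ' -f2)
    [ $(( 0$mode & 4 )) -ne 0 ]
}

# demo: reproduce both cases on a constructed file in a temp directory
demo() {
    dir=$(mktemp -d) || return 1
    f=$dir/shadow
    echo 'cesar:!CONSTRUCTED!:13038:0:99999:7:::' > "$f"   # constructed sample entry
    chmod 640 "$f"
    s0=$(snapshot "$f")
    chmod 600 "$f"                      # case 1: mode reset in place
    s1=$(snapshot "$f")
    ( umask 077; echo 'cesar:!CONSTRUCTED2!:13038:0:99999:7:::' > "$dir/nshadow" )
    mv "$dir/nshadow" "$f"              # case 2: new file renamed over the old one
    s2=$(snapshot "$f")
    echo "$(classify "$s0" "$s1") $(classify "$s1" "$s2")"
    rm -rf "$dir"
}

demo
```

On a real system, take one `snapshot` of the file before the password change and one after, then pass both to `classify`.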


All times are GMT -5.