Necessary to leave the archive /etc/shadow with permission 644.
chmod 644 /etc/shadow All OK.

But when dumb the password of an user the permissions move automatiamente for 600!

How to decide this?

root@firewall /etc# chown root:shadow-readers shadow
root@firewall /etc# ls -la
-rw-r----- 1 root shadow-readers 1262 Sep 12 13:20 shadow

He is perfect thus!

But when I modify the password of an user:

root@firewall /etc# passwd cesar
Changing password for user cesar.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

root@firewall /etc# ls -la
-rw------- 1 root root 1262 Sep 12 13:42 shadow

It comes back the permissions
When I modify the password of a using return these permissions.
Somebody knows as to decide this?

thankz

letting users read /etc/shadow is bad security.......
someone can hack your box and use it to send out spam/porn etc........

The server, necessary is very safe to make this to function one modulates PAM AUTH, of the apache.

chmod is 640. only for the group shadow-readers, that 1 software goes to use

it will be that he is bug of kernel?

Somebody can help me please

help please

http://pam.sourceforge.net/mod_auth_pam/shadow.html

1)
root@firewall /etc# chmod 640 shadow
root@firewall /etc# chown root:shadow-readers shadow
root@firewall /etc# ls -la
-rw-r----- 1 root shadow-readers 1262 Sep 12 13:20 shadow

He is perfect thus!!!

2)
root@firewall /etc# passwd cesar
Changing password for user cesar.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

###############################################################
root@firewall /etc# ls -la
-rw------- 1 root root 1262 Sep 12 13:42 shadow
????????????????????????????
?????

It comes back the permissions
When I modify the password of a using return these permissions.
Somebody knows as to decide this?

As far as I know, /etc/shadow should be readable by no one but root. Your system may vary.

So it looks like:
-rwx------ root root shadow

This is the folder where the "real" passwords are kept. When Linux needs to look up something, it can magically get the access that it needs. But no one else can.

You should not make the shadow directory "world-readable." Even though the passwords inside are scrambled, there is no good reason to allow anyone to even see them.

Debtor for its reply. Friend my English is half bad, I followed passes of this site, http://pam.sourceforge.net/mod_auth_pam/.

He does not have as to make this?
Everything was functioning perfectly, but when dumb the password happens this problem.

You can show an example for commands, you are more easy I to understand.

I promise that I go to learn fast the English.

Very thankz!

Its definately not a bug of the kernel or anything else - the system is trying to stop you doing something which could be very bad. Are you running Mandrake/Mandriva? Is so disable msec or set the security level to something really permissive. Are you running a Redhat distro that has SELinux enabled? I'm sorry I can't be more help but these are the things you should be looking for - programs designed to secure your distro which may be getting in your way.

I am using distro TSL.
Based in Red Hat 8.

I know that the system is making for protection, but necessary of this, it does not have problem some...
A software only goes to use this group, nothing goes to compremeter the security.

Necessary of this, to decide my problem, Before an archive (Unsafe between quotations marks) but functioning of that something safe that it does not function.

It will be that a way does not exist to decide this?

The same software we use in the OpenBSD, and functions normally.

With linux this is happening

I tried it on my Centos 4.1 (based on RHEL4) here at work and its fine. Its not a problem with Linux but just with whatever specific distro or setup you've got.