[Bug 1923262] Re: backup /etc/passwd- file should be mode 0600
Seth Arnold
1923262 at bugs.launchpad.net
Fri Apr 9 23:32:55 UTC 2021
Hello, this sounds like surprising advice to me -- afterall the
/etc/passwd file is 644. I don't know what would be the point of hiding
this 'backup' file. Does the benchmark give a rationale for this?
Thanks
** Information type changed from Private Security to Public Security
** Changed in: shadow (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/1923262
Title:
backup /etc/passwd- file should be mode 0600
Status in shadow package in Ubuntu:
Incomplete
Bug description:
CIS hardening benchmarks (6.1.6) suggest that the /etc/passwd- file
should be mode 0600 (or more restrictive).
However, this file is 0644 after it is created when the /etc/passwd
file is modified. (Ie, a hardening script that creates a hardened
system for initial use could change this mode, but it will go out of
compliance the next time a backup file is made.)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1923262/+subscriptions
More information about the foundations-bugs
mailing list