On Mon, Sep 24, 2018 at 11:40 AM Ed Christiansen MS <edwardc@ll.mit.edu> wrote:
> If you expect to pass any kind of security audit, the perms on
> /etc/shadow must be 0600.  Since it contains the actual password hashes,
> no one can read it except root to prevent bad puppies from getting the
> hashes so they can reverse the hash by brute force on some other host.

Before everyone gathers the villagers, pitchforks and torches, I made a mistake.
I crossed passwd with shadow in my response.

With that said, I was going to let it die with Frank's response, but I can see folks
will keep at it. Just let it die. It's an off-topic question related to how Linux permissions
work, not to the audit subsystem.

On 9/24/2018 3:50 AM, Frank Thommen wrote:
> All systems I know disallow reading of /etc/shadow for others or even
> group (for good reasons).  Hence sudo would be required.
>
> frank
>
>
> On 09/24/2018 06:35 AM, William Roberts wrote:
>> Sorry for the HTML...
>>
>> This seems off topic. This is a list for questions surrounding the Linux
>> audit subsystem.
>>
>> That file is usually user=root group=root mode=0644. I.e., read-only for
>> all, writeable for user root. No sudoers entry needed for read access.
>>
>> On Sun, Sep 23, 2018, 21:30 khalid fahad <kfgm2001@gmail.com> wrote:
>>
>>     Hi,
>>     What is the sudoers entry created to allow localuser to cat
>>     /etc/shadow?
>>     Thanks
>>
>>     --
>>     Linux-audit mailing list
>>     Linux-audit@redhat.com <mailto:Linux-audit@redhat.com>
>>     https://www.redhat.com/mailman/listinfo/linux-audit
>>

--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
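
The permissions discussed in this thread can be checked mechanically. The script below is an added example, not part of any poster's message: it treats the modes mentioned above (0600 for /etc/shadow, 0644 for /etc/passwd, owner root) as upper bounds and reports any extra bits. It assumes GNU coreutils `stat`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumes GNU coreutils stat (-c format strings).
# Function names are hypothetical.

# check_file PATH MAX_MODE OWNER_UID
# Returns 0 when PATH is owned by OWNER_UID and has no permission bits set
# outside MAX_MODE (octal); 1 on a finding; 2 if PATH cannot be examined.
check_file() {
    path=$1; max=$2; want_uid=$3
    info=$(stat -c '%a %u' -- "$path" 2>/dev/null) || return 2
    mode=${info% *}
    uid=${info#* }
    rc=0
    # Bits present in the file mode but absent from the allowed maximum.
    extra=$(( 0$mode & ~0$max & 07777 ))
    if [ "$extra" -ne 0 ]; then
        printf 'FAIL %s: mode %s exceeds %s (extra bits %o)\n' \
            "$path" "$mode" "$max" "$extra"
        rc=1
    fi
    if [ "$uid" -ne "$want_uid" ]; then
        printf 'FAIL %s: owner uid %s, expected %s\n' "$path" "$uid" "$want_uid"
        rc=1
    fi
    [ "$rc" -eq 0 ] && printf 'OK   %s: mode %s, uid %s\n' "$path" "$mode" "$uid"
    return "$rc"
}

# Modes taken from the thread: 0600 for /etc/shadow, 0644 for /etc/passwd,
# both owned by root (uid 0).
audit_account_files() {
    status=0
    check_file /etc/shadow 0600 0 || status=1
    check_file /etc/passwd 0644 0 || status=1
    return "$status"
}
```

Call `audit_account_files` after sourcing the script; a mode stricter than the bound (for example 0400) passes, while any group or other bit on /etc/shadow is reported.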