Dev1 Galaxy Forum / Secure /etc/passwd ?

Re: Secure /etc/passwd ?

dummy@example.com (hevidevi) — Sat, 12 Mar 2022 14:32:14 +0000

I think alpinelinux has a way of hiding users in /etc/passwd. Im not on alpine at the moment but from memory last time i looked my user was called "linux user" in /etc/passwd but user name aka /home/username was hevidevi. Ill have to revisit alpine again to understand more.

Edit to add. Alpine linux was absent the shadow file/package from base install afaik.

Re: Secure /etc/passwd ?

dummy@example.com (SpongeBOB) — Fri, 11 Mar 2022 14:25:17 +0000

Thank you HOAS,

I knew that the actual password are stored in /etc/shadow.

But I found curious that any user account can list the full list of user registered on the machine..

Re: Secure /etc/passwd ?

dummy@example.com (Head_on_a_Stick) — Fri, 11 Mar 2022 09:08:09 +0000

SpongeBOB wrote:

Is it not insecure that Others have read permissions ?

No. The actual passwords are encrypted and stored under /etc/shadow as per passwd(5).

SpongeBOB wrote:

I change it to 640

Change it back. Many utilities use that file to map user IDs to user names. It should be world-readable.

EDIT: use pwck(8) & grpck(8) to verify the integrity and validity of /etc/passwd,/etc/shadow & /etc/group.

Secure /etc/passwd ?

dummy@example.com (SpongeBOB) — Fri, 11 Mar 2022 08:36:23 +0000

Hi everyone,

I see that by default the file /etc/passwd is 644

Is it not insecure that Others have read permissions ? I'm not feeling comfortable with that...

I change it to 640 but of course when I log-in with a user that start startxfce4 it's won't launch the GUI and stay in CLI...

I would like to give the correct ACL permissions to make xcfe start, but I don't even know witch account should have read acces ??

Thanks