[svlug] Should my /etc/passwd really be mode 644?

Sarah Newman newmans at sonic.net
Fri Oct 2 18:06:30 PDT 2015


On 10/02/2015 05:54 PM, Rick Moen wrote:

> If you were very determined to conceal your local users from each other
> to the extent possible, I suppose you _could_ try moving non-system
> users to one of the other auth back-ends like NIS or LDAP.  {shudder}
> I'm not sure that actually buys you anything, as ISTR that local LDAP
> and NIS users remain free to query the auth database about other users
> -- and that sure would add a lot of complexity that would be difficult
> to justify unless you have a mandate for SSO.

You could also try setting 660 on /etc/passwd and /etc/group, set the group to something special, and have the programs that need to access them be
setgid to that special group. I don't know if it would actually work or not.



More information about the svlug mailing list