CentOS WORLD-WRITABLE /etc/shadow file

October 4, 2004 9:34 pm

The CentOS images (both the old and the recently updated version) have a world-writable /etc/shadow file. This image was in fact built from scratch and was not online at any point. I can only account this towards a mis-configuration of some kind when I built the image.

If you’ve deployed CentOS, please perform this as root:

[code]chmod 400 /etc/shadow[/code]
This has been corrected in the currently available CentOS image.

I’ve also sent out emails to everyone who has a CentOS image deployed.

My apologies,
-Chris

One Response

  1. I’m pretty sure that if you’ve ever added a user or changed a password that the permissions are corrected automatically.

    -Chris

Leave a Reply