IT Best Practices Tip: nist_V-38450

Severity: medium

Short Description

The /etc/passwd file must be owned by root.

Long Description

The "/etc/passwd" file contains information about the users that are configured on the system. Protection of this file is critical for system security.

How to Check Correct Configuration

To check the ownership of "/etc/passwd", run the command:

$ ls -l /etc/passwd

If properly configured, the output should indicate the following owner: "root"
If it does not, this is a finding.

How to Fix

To properly set the owner of "/etc/passwd", run the command:

# chown root /etc/passwd