IT Best Practices Tip: nist_V-38457
Severity: medium
Short Description
The /etc/passwd file must have mode 0644 or less permissive.
Long Description
If the "/etc/passwd" file is writable by a group-owner or the world the risk of its compromise is increased. The file contains the list of accounts on the system and associated information, and protection of this file is critical for system security.
How to Check Correct Configuration
To check the permissions of "/etc/passwd", run the command:
$ ls -l /etc/passwd
If properly configured, the output should indicate the following permissions: "-rw-r--r--"
If it does not, this is a finding.
How to Fix
To properly set the permissions of "/etc/passwd", run the command:
# chmod 0644 /etc/passwd