LFCS · Question #445
LFCS Question #445: Real Exam Question with Answer & Explanation
The correct answer is C: -rw-r--r--, -r--------. For shadowed passwords, /etc/passwd must be world-readable (-rw-r--r--) for system processes, while /etc/shadow must be readable only by root (-r--------) to protect sensitive password hashes.
Question
On a system using shadowed passwords, the correct permissions for /etc/passwd are ___ and the correct permissions for /etc/shadow are ___.
Options
- A-rw-r-----, -r--------
- B-rw-r--r--, -r--r--r--
- C-rw-r--r--, -r--------
- D-rw-r--rw-, -r-----r--
- E-rw-------, -r--------
Explanation
For shadowed passwords, /etc/passwd must be world-readable (-rw-r--r--) for system processes, while /etc/shadow must be readable only by root (-r--------) to protect sensitive password hashes.
Common mistakes.
- A. The permissions
-rw-r-----for/etc/passwdrestrict read access for 'others', which can cause issues for programs needing to map UIDs to usernames. - B. The permissions
-r--r--r--for/etc/shadowmake the password hashes world-readable, posing a severe security risk. - D. The permissions
-rw-r--rw-for/etc/passwdallow 'others' to write to the file, which is a significant security vulnerability, and-r-----r--for/etc/shadowstill allows 'others' to read it. - E. The permissions
-rw-------for/etc/passwdrestrict read access to only the owner (root), which can break system functionality requiring user lookup.
Concept tested. Linux password file permissions
Reference. https://man7.org/linux/man-pages/man5/shadow.5.html
Topics
Community Discussion
No community discussion yet for this question.