LX0-103 · Question #164
On a system using shadowed passwords, the correct permissions for /etc/passwd are ___ and the correct permissions for /etc/shadow are ___.
The correct answer is C. rwrr, r. With shadow passwords, /etc/passwd requires world-read permissions (644, rw-r--r--) for system utilities, while /etc/shadow must be root-read-only (400, r--------) to protect hashed credentials.
Question
On a system using shadowed passwords, the correct permissions for /etc/passwd are ___ and the correct permissions for /etc/shadow are ___.
Options
- Arwr, r
- Brwrr, rrr
- Crwrr, r
- Drwrrw,rr
- Erw, r
How the community answered
(40 responses)- A5% (2)
- C90% (36)
- D3% (1)
- E3% (1)
Why each option
With shadow passwords, /etc/passwd requires world-read permissions (644, rw-r--r--) for system utilities, while /etc/shadow must be root-read-only (400, r--------) to protect hashed credentials.
rwr,r specifies only three permission characters for /etc/passwd instead of four, producing an incomplete and non-standard permission set.
rwrr,rrr would set /etc/shadow to world-readable (r--r--r--), exposing hashed passwords to all local users and defeating the purpose of shadow passwords entirely.
The rwrr notation represents 644 (rw-r--r--) for /etc/passwd, which all users must be able to read for UID-to-username resolution. The r notation represents 400 (r--------) for /etc/shadow, restricting hashed password access to root only - this separation is the entire security purpose of the shadow password scheme.
rwrrw,rr adds group-write on /etc/passwd and makes /etc/shadow group-readable, both of which are insecure and non-standard.
rw,r sets /etc/passwd to 600 (rw-------), removing world-read access that system utilities rely on for user and group name resolution.
Concept tested: Shadow password file permission requirements
Source: https://man7.org/linux/man-pages/man5/shadow.5.html
Topics
Community Discussion
No community discussion yet for this question.