nerdexam
CompTIA

LX0-103 · Question #164

On a system using shadowed passwords, the correct permissions for /etc/passwd are ___ and the correct permissions for /etc/shadow are ___.

The correct answer is C. rwrr, r. With shadow passwords, /etc/passwd requires world-read permissions (644, rw-r--r--) for system utilities, while /etc/shadow must be root-read-only (400, r--------) to protect hashed credentials.

Linux Installation and Package Management

Question

On a system using shadowed passwords, the correct permissions for /etc/passwd are ___ and the correct permissions for /etc/shadow are ___.

Options

  • Arwr, r
  • Brwrr, rrr
  • Crwrr, r
  • Drwrrw,rr
  • Erw, r

How the community answered

(40 responses)
  • A
    5% (2)
  • C
    90% (36)
  • D
    3% (1)
  • E
    3% (1)

Why each option

With shadow passwords, /etc/passwd requires world-read permissions (644, rw-r--r--) for system utilities, while /etc/shadow must be root-read-only (400, r--------) to protect hashed credentials.

Arwr, r

rwr,r specifies only three permission characters for /etc/passwd instead of four, producing an incomplete and non-standard permission set.

Brwrr, rrr

rwrr,rrr would set /etc/shadow to world-readable (r--r--r--), exposing hashed passwords to all local users and defeating the purpose of shadow passwords entirely.

Crwrr, rCorrect

The rwrr notation represents 644 (rw-r--r--) for /etc/passwd, which all users must be able to read for UID-to-username resolution. The r notation represents 400 (r--------) for /etc/shadow, restricting hashed password access to root only - this separation is the entire security purpose of the shadow password scheme.

Drwrrw,rr

rwrrw,rr adds group-write on /etc/passwd and makes /etc/shadow group-readable, both of which are insecure and non-standard.

Erw, r

rw,r sets /etc/passwd to 600 (rw-------), removing world-read access that system utilities rely on for user and group name resolution.

Concept tested: Shadow password file permission requirements

Source: https://man7.org/linux/man-pages/man5/shadow.5.html

Topics

#shadowed passwords#file permissions#/etc/passwd#/etc/shadow

Community Discussion

No community discussion yet for this question.

Full LX0-103 Practice