permissions on /etc/shadow

Question

I am using Red Hat Enterprise Linux and here are the details:

uname -a
3.10.0-327.22.2.e17.x86_64

When I check permissions on the shadow file I see the following:

ls -l /etc/shadow
----------. 1 root root 1467 /etc/shadow

I am surprised to see these permissions. I would think that 'passwd' would need at least read/write permissions for the owner to update this file. Any idea what is going on here?

score 5 · Answer 1 · edited Apr 13 '17 at 12:36

5

That's normal.

passwd doesn't need read/write permissions as it's got the suid bit set, runs as root.

# ls -l /etc/shadow /usr/bin/passwd
---------- 1 root root   798 Jul 21 21:15 /etc/shadow
-rwsr-xr-x 1 root root 26688 Sep 10  2015 /usr/bin/passwd
#

More info at Stackexchange "How does the 'passwd' command gain root user permissions?" if you want it.

edited Apr 13 '17 at 12:36

Community

1

answered Oct 16 '16 at 19:16

steve

21,892

score 4 · Answer 2 · edited Apr 13 '17 at 12:36

The permission bits usually don't apply to processes running with appropriate capabilities (e.g. when they're running with root privileges). A more accurate summary, courtesy of Hauke Laging's post:

Always assume that root (and any other user/process with CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH) can do everything unless an LSM (SELinux, AppArmor or similar) prevents him from doing that.

As steve already pointed out, passwd and similar programs either have the suid bit set (so everyone can run them with root privileges) or are only meant to be used by root, so the permissions on /etc/shadow don't matter either way.

permissions on /etc/shadow

2 Answers2