Skip to main content
BlogLinuxCentOS WORLD-WRITABLE /etc/shadow file

CentOS WORLD-WRITABLE /etc/shadow file

The CentOS images (both the old and the recently updated version) have a world-writable /etc/shadow file. This image was in fact built from scratch and was not online at any point. I can only account this towards a mis-configuration of some kind when I built the image.

If you’ve deployed CentOS, please perform this as root:

[code]chmod 400 /etc/shadow[/code]
This has been corrected in the currently available CentOS image.

I’ve also sent out emails to everyone who has a CentOS image deployed.

My apologies,
-Chris


Comments (1)

  1. Author Photo

    I’m pretty sure that if you’ve ever added a user or changed a password that the permissions are corrected automatically.

    -Chris

Leave a Reply

Your email address will not be published. Required fields are marked *