Ensure Proper Permissions on /etc/shadow- File : iCompaas Support

Ensure Proper Permissions on /etc/shadow- File Print

Created by: iCompaas Tech Support

Modified on: Thu, 29 May, 2025 at 7:32 AM

Profile Applicability:
Level 1

Description:
The /etc/shadow- file is a backup of the /etc/shadow file, which contains users’ encrypted password information. Improper permissions on this backup file can expose sensitive password hashes to unauthorized users.

Rationale:
Securing permissions on /etc/shadow- protects sensitive password data from unauthorized access, reducing the risk of credential compromise.

Impact:
Pros:

Prevents unauthorized access to password backups.
Maintains integrity of user authentication data.

Cons:

Overly restrictive permissions may impact backup and restore operations.

Default Value:
Permissions may vary by distribution, but should be restrictive.

Pre-requisites:

Root or sudo privileges to audit and modify file permissions.

Remediation:

Test Plan:

Using Linux command line:

Check current permissions of /etc/shadow-:
```
ls -l /etc/shadow-
```
Verify ownership is root:root and permissions are set to 600 or more restrictive.

Implementation Plan:

Using Linux command line:

Set ownership to root:
```
chown root:root /etc/shadow-
```
Set permissions to 600:
```
chmod 600 /etc/shadow-
```
Verify changes:
```
ls -l /etc/shadow-
```

Backout Plan:

Using Linux command line:

Restore previous permissions and ownership from backup if necessary.
Confirm system utilities operate correctly after changes.

References:

CIS Amazon Linux 2 Benchmark v3.0.0
NIST SP 800-53 Revision 5 - IA-5

iCompaas is the author of this solution article.

Did you find it helpful? Yes No

Ensure Proper Permissions on /etc/shadow- File Print

Test Plan:

Implementation Plan:

Backout Plan:

Related Articles