Ensure Proper Permissions on /etc/group- File : iCompaas Support

Ensure Proper Permissions on /etc/group- File Print

Created by: iCompaas Tech Support

Modified on: Thu, 29 May, 2025 at 7:55 AM

Profile Applicability:
Level 1

Description:
The /etc/group- file is a backup of the /etc/group file, which contains group account information. Improper permissions on this backup file can expose group details to unauthorized users.

Rationale:
Securing permissions on /etc/group- prevents unauthorized access to group information, reducing potential security risks.

Impact:
Pros:

Protects sensitive group account data.
Supports system security and integrity.

Cons:

Overly restrictive permissions may affect backup and restore processes.

Default Value:
Permissions may vary by distribution but should be restrictive.

Pre-requisites:

Root or sudo privileges to audit and modify file permissions.

Remediation:

Test Plan:

Using Linux command line:

Check current permissions of /etc/group-:
```
ls -l /etc/group-
```

2. Verify ownership is root:root and permissions are set to 644 or more restrictive.

Implementation Plan:

Using Linux command line:

Set ownership to root:
```
chown root:root /etc/group-
```
Set permissions to 644:
```
chmod 644 /etc/group-
```
Verify changes:
```
ls -l /etc/group-
```

Backout Plan:

Using Linux command line:

Restore previous permissions and ownership from backup if necessary.
Confirm system utilities operate correctly after changes.

References:

CIS Amazon Linux 2 Benchmark v3.0.0
NIST SP 800-53 Revision 5 - CM-6

iCompaas is the author of this solution article.

Did you find it helpful? Yes No

Ensure Proper Permissions on /etc/group- File Print

Test Plan:

Implementation Plan:

Backout Plan:

Related Articles