7.1.1 Ensure permissions on /etc/passwd are configured

Information

The /etc/passwd file contains user account information that is used by many system utilities and therefore must be readable for these utilities to operate.

It is critical to ensure that the /etc/passwd file is protected from unauthorized write access. Although it is protected by default, the file permissions could be changed either inadvertently or through malicious actions.

Solution

Run the following commands to remove excess permissions, set owner, and set group on /etc/passwd :

# chmod u-x,go-wx /etc/passwd
# chown root:root /etc/passwd

See Also

https://workbench.cisecurity.org/benchmarks/18208

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: Unix

Control ID: 250471ea305861317b0a3869b8f9af8a2153be84d11005b05ca361a7f87ae7bc