/etc/passwd permissions keep resetting to 600

[Jim Jones]

/etc/passwd permissions keep getting reset to 600. When I set it to 644 as su, it eventually changes back. This occurs on my openSuse10.2 machine but not the openSuse 11.1 machine, but I assume that is irrelevant. Is there something that got tweaked that I need to change in Yast to stop this from happening?

[gogalthorp]

Why do you want to bypass security? You really want to allow anyone to read that file?? Admittedly the passwords are hashed. But if I have that hash I'm one step closer to owning your system.

[Jim Jones]

I teach a Unix class and some scripting assignments I like to have students do require read-access to /etc/passwd. I see no reason (in our case) for this file to be hidden since the encrypted passwords are elsewhere in /etc/shadow (local users) or on an authentication server (net users). I do appreciate your concern--just for fun I once wrote a little program using crypt() to recall what password I used years earlier from its hash in an archive copy of /etc/shadow.

[gogalthorp]

Copy the file to a slightly different name or directory. Then they can read to study it. There is no goos reason t give any one but root access to a live passwd. Particularly students. Unless you don;t care if one owns the machine.

[Jim Jones]

Its professional curiosity at this point. As it turns out my students can access copies like you suggest since the system auto saves /etc/passwd.old and /etc/passwd.YaST2save with 644 access. That seems inconsistent since they give up the same information as is in the "live" /etc/passwd file. So if anyone out there knows the Suse/Linux mechanism and whether it is configurable, I'd like to know. Especially since other Unix systems I have used had 644 on their /etc/passwd file, including a server we have that runs a later version of Suse. I'm not interested in security policy, just implementation detail.

[Jim Jones]

I still hope someone out there has an idea why /etc/passwd keeps getting reset on my Suse 10 server back to 600. I reset it manually to 644, the way it is supposed to be, and in about 10 minutes or perhaps more I discover it has been reset. None of the SERVER/~USERNAME websites can be found when the permissions reset to 600 (the browser returns a Error 404 Object Not Found). I assume this is because Apache needs to access the passwd file to get the home directory information for USERNAME. This is not the only service that doesn't work. For instance, SSH has problems whereas Telnet does not. I assume that sshd needs to access the file to look up the home directory for USERNAME (in order to find the .ssh directory).

If anyone has a clue, I would love to hear your thoughts.