On 2/4/2015 4:04 PM, Warren Young wrote: > # rpm -q --dump setup|grep shadow > /etc/gshadow 0 1329943062 d41d8cd98f00b204e9800998ecf8427e 0100400 root root 1 0 0 X > /etc/shadow 0 1329943062 d41d8cd98f00b204e9800998ecf8427e 0100400 root root 1 0 0 X > > This says it should be mode 400, as it is here on both of the local EL5 boxes I checked. > > You have a serious security hole there, Always. indeed. $ cat /etc/redhat-release && ls -l /etc/shadow CentOS release 5.11 (Final) -r-------- 1 root root 4739 Sep 24 10:54 /etc/shadow -- john r pierce 37N 122W somewhere on the middle of the left coast