[CentOS] Another Fedora decision

Thu Feb 5 23:36:38 UTC 2015
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On Thu, February 5, 2015 5:23 pm, Always Learning wrote:
>
> On Thu, 2015-02-05 at 16:39 -0600, Valeri Galtsev wrote:
>
>> >>>
>> >>>       -rw-r--r-- 1 root root 1220 Jan 31 03:04 shadow
>
>> Be it me, I would consider box compromised. All done on/from that box
>> since probable day it happened compromised as well. If there is no way
>> to
>> establish the day, then since that system originally build. With full
>> blown sweeping up the consequences. Finding really-really-really
>> convincing proof it is not a result of compromise (and yes, fight one's
>> wishful thinking!).
>
> Logically ?
>
> 1. to change the permissions on shadow from -rw-x------ or from
> ---------- to -rw-r--r-- requires root permissions ?
>
> 2. if so, then what is the advantage of changing those permissions when
> the entity possessing root authority can already read shadow - that
> entity requires neither group nor user permissions to read shadow.
>

As I said, it's your money, mister.

Think of what your users will think about your response to bizarre you
have discovered. Sysadmins have their users' trust a priori. But they have
to keep deserving this trust all the time.

Just my $0.02

Valeri

PS I figure I really have to thank my teachers! Including great books I've
read...

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++