Discussion: A question
khalid fahad
2018-09-24 04:30:17 UTC
Hi,
What is the sudoers entry created to allow localuser to cat /etc/shadow?
Thanks
William Roberts
2018-09-24 04:35:52 UTC
Sorry for the HTML...

This seems off topic. This is the list for questions surrounding the linux
audit subsystem.

That file is usually user=root group=root mode=0644, i.e. read only for all,
writeable for user root. No sudoers entry needed for read access.
Post by khalid fahad
Hi,
What is the sudoers entry created to allow localuser to cat /etc/shadow?
Thanks
--
Linux-audit mailing list
https://www.redhat.com/mailman/listinfo/linux-audit
Frank Thommen
2018-09-24 07:50:42 UTC
All systems I know disallow reading of /etc/shadow for others or even
group (for good reasons). Hence sudo would be required.

frank
Ed Christiansen MS
2018-09-24 18:40:13 UTC
If you expect to pass any kind of security audit, the perms on
/etc/shadow must be 0600. Since it contains the actual password hashes,
no one can read it except root, to prevent bad puppies from getting the
hashes so they can reverse the hash by brute force on some other host.
William Roberts
2018-09-24 18:58:34 UTC
Post by Ed Christiansen MS
If you expect to pass any kind of security audit, the perms on
/etc/shadow must be 0600. Since it contains the actual password hashes
no one can read it except root to prevent bad puppies from getting the
hashes so they can reverse the hash by brute force on some other host.
Before everyone gathers the villagers, pitchforks and torches, I made a
mistake. I crossed passwd with shadow in my response.

With that said, I was going to let it die with Frank's response, but I can
see folks will keep at it. Just let it die. It's an off topic question
related to how linux permissions work, not to the audit subsystem.
Stephen Buchanan
2018-09-25 14:54:36 UTC
The best way I can think of to let it die off would be to specifically
answer the OP's question (even though we've established that it's a Very
Bad Idea).

Add the following line to /etc/sudoers (using visudo of course), assuming
the intended user is "localuser" as implied by the language in the OP, and
that 'which cat' returns '/usr/bin/cat':
localuser ALL=(root) /usr/bin/cat /etc/shadow
Post by William Roberts
With that said, I was going to let it die with Frank's response, but I can
see folks will keep at it. Just let it die. It's an off topic question
related to how linux permissions work, not to the audit subsystem.
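An added example, not code from the thread or from the linux-audit project, that checks the two things this thread turns on from the defender's side: that /etc/shadow keeps root ownership and a restrictive mode (Ed's 0600 point), and whether any sudoers rule, such as the one above, would hand the hashes to a non-root user. The sudoers text, rule names and function names are constructed for this example.

```python
import re
import stat

# sudoers user spec:  user  host = (runas) [TAG:] command, command
RULE_RE = re.compile(r"^(\S+)\s+(\S+)\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")
TAG_RE = re.compile(r"^(?:[A-Z_]+:\s*)+")  # NOPASSWD:, SETENV:, ...
NON_RULES = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")


def shadow_perm_findings(st_mode, st_uid):
    """Findings for /etc/shadow's st_mode/st_uid. Policy as in the thread:
    root-owned, no access for others; 0600 or 0640 (shadow group) passes."""
    perm = stat.S_IMODE(st_mode)
    findings = []
    if st_uid != 0:
        findings.append(f"owner uid {st_uid} is not root")
    if perm & 0o007:
        findings.append(f"mode {perm:04o} lets every local user read the hashes")
    if perm & 0o030:
        findings.append(f"mode {perm:04o} grants group write or exec")
    return findings


def sudoers_shadow_findings(text):
    """(user, command) pairs for rules that expose /etc/shadow: a command that
    names the file, or ALL. Comments, #include and alias/Defaults lines skip."""
    found = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(NON_RULES):
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        user, _host, _runas, cmds = m.groups()
        for cmd in (c.strip() for c in cmds.split(",")):
            cmd = TAG_RE.sub("", cmd)
            if cmd == "ALL" or "/etc/shadow" in cmd.split():
                found.append((user, cmd))
    return found


# Constructed sample sudoers (not from any real host); the last rule is the
# thread's entry written in valid sudoers syntax.
SAMPLE_SUDOERS = """\
Defaults env_reset
Cmnd_Alias SERVICES = /usr/bin/systemctl
%sudo ALL=(ALL:ALL) ALL
deploy ALL=(root) NOPASSWD: /usr/bin/systemctl restart app
localuser ALL=(root) /usr/bin/cat /etc/shadow
"""
```

On a live host, pass `os.stat("/etc/shadow")` fields and the text of /etc/sudoers (plus /etc/sudoers.d/*) to the two functions; on the sample, the %sudo and localuser rules are the ones reported.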