Skip to content

6.1.7 Ensure permissions on /etc/gshadow are configured

Audit#

Run the following command to verify /etc/gshadow is mode 640 or more restrictive, Uid is 0/root and Gid is 0/root: 

# stat -Lc "%n %a %u/%U %g/%G" /etc/gshadow

Example: 

/etc/gshadow 640 0/root 42/gshadow

Remediation#

Run one of the following commands to set ownership of /etc/gshadow to root and group to either root or shadow: 

# chown root:shadow /etc/gshadow

-OR- 

# chown root:root /etc/gshadow

Run the following command to remove excess permissions form /etc/gshadow: 

# chmod u-x,g-wx,o-rwx /etc/gshadow

Default Value:

/etc/gshadow 640 0/root 42/shadow