
7.1.8 Ensure permissions on /etc/gshadow- are configured

Audit

Run the following command to verify /etc/gshadow- is mode 640 or more restrictive, Uid is 0/root and Gid is 0/root or shadow:

# stat -Lc 'Access: (%#a/%A) Uid: ( %u/ %U) Gid: ( %g/ %G)' /etc/gshadow-

Example:

Access: (0640/-rw-r-----) Uid: ( 0/ root) Gid: ( 42/ shadow)
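
The same audit as a scriptable pass/fail check, added here as an example and not part of the benchmark text. The function names perms_ok and audit_file are hypothetical; "640 or more restrictive" is read as "no permission bit set outside rw-r-----", and group root or shadow is accepted to match the example output above.

```shell
#!/bin/sh
# Added example (not benchmark text). perms_ok and audit_file are hypothetical names.

# perms_ok MODE OWNER_UID GROUP_NAME
# Returns 0 when the values satisfy the audit, 1 otherwise, printing each reason.
perms_ok() {
    mode=$1 owner=$2 group=$3 rc=0
    # Any bit outside 0640 (rw-r-----) is excess. This includes
    # setuid/setgid/sticky, which have no place on this file.
    if [ $(( 0$mode & ~0640 & 07777 )) -ne 0 ]; then
        echo "FAIL: mode $mode is less restrictive than 0640"; rc=1
    fi
    [ "$owner" -eq 0 ] || { echo "FAIL: owner uid $owner is not 0/root"; rc=1; }
    case $group in
        root|shadow) ;;
        *) echo "FAIL: group $group is not root or shadow"; rc=1 ;;
    esac
    return $rc
}

# audit_file [PATH]
# Reads mode, uid and group name with the same stat options as the audit
# command (-L follows symlinks) and evaluates them.
audit_file() {
    f=${1:-/etc/gshadow-}
    [ -e "$f" ] || { echo "SKIP: $f does not exist"; return 0; }
    out=$(stat -Lc '%a %u %G' "$f") || return 2
    set -- $out
    perms_ok "$1" "$2" "$3" && echo "PASS: $f"
}

# Run against a path when one is given, e.g.: sh check.sh /etc/gshadow-
if [ "$#" -gt 0 ]; then
    audit_file "$1"
fi
```

A mode such as 0600 or 0400 passes because it is a subset of 0640, while 0644 or 0660 fails on the extra other-read or group-write bit.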

Remediation

Run one of the following commands to set ownership of /etc/gshadow- to root and group to either root or shadow:

# chown root:shadow /etc/gshadow-
-OR-
# chown root:root /etc/gshadow-

Run the following command to remove excess permissions from /etc/gshadow-:

# chmod u-x,g-wx,o-rwx /etc/gshadow-

Default Value: Access: (0640/-rw-r-----) Uid: ( 0/ root) Gid: ( 42/ shadow)