The TOSS 5 /etc/passwd file must have mode 0644 or less permissive to prevent unauthorized access.

Severity
Group ID
Group Title
Version
Rule ID
Date
STIG Version
mediumV-282648SRG-OS-000480-GPOS-00227TOSS-05-000152SV-282648r1201583_rule2026-04-011

Description

If the "/etc/passwd" file is writable by a group owner or the world, it increases the risk of compromise. The file contains the list of accounts on the system and associated information, and protection of this file is critical for system security.

ℹ️ Check

Verify the "/etc/passwd" file has mode "0644" or less permissive using the following command: $ sudo stat -c "%a %n" /etc/passwd 644 /etc/passwd If a value of "0644" or less permissive is not returned, this is a finding.

✔️ Fix

Change the mode of the file "/etc/passwd" to "0644" using the following command: $ sudo chmod 0644 /etc/passwd