34

In any linux system I have access to (a couple of Archlinuxes, an Ubuntu, a Debian Sid and a Gentoo) there are the following 4 files in /etc/, all ending with a dash:

/etc/group-
/etc/gshadow-
/etc/passwd-
/etc/shadow-

On the internet they say that these are just backup files, updated to the next to last change.

Now I'm wondering: who's creating those files? Is it my editor? Is it the application editing those files (gpasswd, useradd, groupadd and so on)? Is it something at a lower level (maybe even a kernel module)?

peoro
  • 3,658
  • 3
  • 32
  • 32

1 Answers1

28

The backup files are created by the program that modifies your /etc/group or /etc/passwd files like useradd, groupadd and the like created as a safety precaution in case files get corrupted during edit. Kernel never touches those files.

Karlson
  • 5,845
  • 32
  • 51
  • 1
    It's strange, because `shadow` and `gshadow` files (with a dash), have different *chmod*, unlike `000` and can be read by other users? Is there a way to make backups with proper *chmod* keeping `000`? – Ilia Ross Nov 27 '13 at 09:49
  • @IliaRostovtsev As far as I know the `shadow` and `gshadow` files have permissions of `0400`. – Karlson Nov 27 '13 at 13:17
  • No, on CentOS, Fedora/RedHat it's set to `0000`. It's insecure to have it set to `0400`, I believe because any user on your system could run `cat /etc/shadow` and get the output of it? – Ilia Ross Nov 27 '13 at 15:43
  • @IliaRostovtsev First off I am looking at permissions on `/etc/shadow` on a RedHat system and if it actually is possible for non-root to view this file with permissions of `0400` it means that there a significant bug in permission processing unless the file is owned by some other user. – Karlson Nov 27 '13 at 16:31
  • I think it's the right way to keep this file chmod `0000`. I don't think this is a bug but intended as some system files must be read by other users? – Ilia Ross Nov 27 '13 at 16:36
  • Not sure I follow your last comment. Is this a question or a statement? – Karlson Nov 27 '13 at 16:51
  • It's not very certain statement! :) I believe that this can't be a bug! – Ilia Ross Nov 27 '13 at 16:53
  • I still don't understand why backup files created with different permissions and what programs do that? I will have to investigate this! – Ilia Ross Nov 27 '13 at 16:58
  • It doesn't really matter if they have different permissions for the owner, since they are both owned by root, and root can override them easily. – Cristian Măgherușan-Stanciu Aug 31 '14 at 20:30
  • 1
    Related @IliaRostovtsev: https://unix.stackexchange.com/q/549464/135943 – Wildcard Oct 30 '19 at 21:43