/etc/passwd or /etc/groups, file system permissions always revert to 644

book

Article ID: 35792

calendar_today

Updated On:

Products

CA Privileged Access Manager - Server Control (PAMSC) CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

Problem:

Upon modifying a Unix user account with ControlMinder, the rights of the file /etc/passwd or /etc/groups, etc. change and set to 644.


Environment:

Applies to all supported environments for ControlMinder on Unix or Linux
 

Cause:

Although it might not be obvious, what you see in this case is expected behaviour and is working by design.


Resolution:

By default CM is resetting group and passwd file ownership and file access rights to root and 644 upon update of a user and/or group.
This behaviour is meant as security feature, e.g. if the file was "stolen" by some other user.

Anyway, you can switch off this behaviour if you negate the default values of these tokens in seos.ini in [passwd] section
 SaveGroupAttrs
 SavePasswdAttrs

 
Additional Information:

https://docops.ca.com/cminder/12-9/EN/reference/configuration-files/the-seos-ini-initialization-file/passwd

Environment

Release: ACP1M005900-12.9-Privileged Identity Manager
Component:

Resolution

.