From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT)

Description of problem:
When a user changes their password with the passwd utility as shipped with RedHat 7.0, the permissions on /etc/shadow are reset to be owned by root, group root, and mode 0600 rather than preserving the permissions of the old shadow file.

The permissions are actually changed by the pam_unix module, which is called via the /etc/pam.d/passwd, which uses service=system-auth, which contains the line:

    password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow

Looking at the code for pam_unix.so, specifically the source file pam_unix_passwd.c, clearly the permissions for the updated /etc/passwd and /etc/shadow files are hardcoded. Simply replacing the hardcoded values with information taken from stats of the existing files should fix the problem.

How reproducible:
Always

Steps to Reproduce:
1. Change default permissions on /etc/shadow from the default 0600 to 0640
2. Successfully change any user password using passwd
3. Check the permissions on /etc/shadow; they will be reset to the default

Additional info:
This should be fixed in 0.75-10 and later. Thanks!