Now, let us take a look at a more interesting example. The MD5-encoded passwords are stored at /etc/shadow. Let us see how this file is protected. Execute the following command:
The output should be similar to the following:
The containing directory has the same permissions as /usr/bin, which means everyone can see and access included files as indicated by their own permissions.
However, the permissions to the password file itself is interested. The last three letters are ---, which means the “others” have no access (whatsoever) to this file. This means that a usual user of a system does not have access to the encoded passwords of everyone in the system.
The middle three letters (of the permissions) means that any member of the shadow group can read the encoded passwords (for authentication purposes), but not to change anything.
The first three letters means that the root owner can read and modify the file, but not to execute it. This makes sense, as the encoded passwords cannot be executed!