Although Ubuntu 14.04's default for ``/etc/shadow`` is ``0640``, the STIG
requires a mode of ``0000``. This doesn't affect how the system operates since
root is the only user that should be able to read from and write to
``/etc/shadow``.  Allowing users to read the file could open up the system
to attacks since the password hashes can be dumped and brute forced.