Robert Ribnitz writes: > 2) SECURITY ISSUE > ================ > On machines installed using the slink image, and upgraded (dist-upgrade) to > potato, and on machines installed using the potato image (version see > above), "man /etc/passwd" will return the contents of said file. I did a > cross-check with a solaris (sunos 5.7) machine, which did not exhibit this > behavior.
Since the passwd is world readable, you can see its contents by many tools: cat, more, less, vi ... so this isn't really an issue. If you want more secure password protection, you should use the shadow password (the passwords are then stored in /etc/shadow which can't only be read by root) The above behavior of man is indeed unusual but I find it handy: you can consult a man page by "man _this_man_page". This could be useful if you want to know what a package does before really install it (under other OS I would have to read the man page by pipying it through nroff) -- PHAM Dinh Tuan | e-mail: [EMAIL PROTECTED] Laboratoire de Modelisation et Calcul | Tel: +33 4 76 51 44 23 BP 53, 38041 Grenoble cedex 9 (France) | Fax: +33 4 76 63 12 63 -----------------------------------------------------------------------
