Giuseppe Iannello wrote:
>>> This will allow "root" and "others" (e.g. all daemons) to read /etc/passwd
>>> but disallow it for users of the webusers group. Much easier than setting
>>> up a vhost environment for each user :-)
>>>
>> I meant "chroot environment", of course.
>>
>> Best regards,
>> Roland Tapken
>>
> Sometimes I feel stupid.
> (at least in Debian) /etc/passwd DOESN'T contain passwords. They are
> stored in /etc/shadow, which is NOT readable by users.

That has been the case for quite some time. http://en.wikipedia.org/wiki/Shadow_password suggests that using shadow passwords has been part of various Linux distributions since 1992.

> so there is no need to protect /etc/passwd from reading, except if you
> don't want to disclose the list of local users.
> In that case, you must go with the chroot stuff, otherwise it would be
> (at least) possible to list directories in /home

Indeed. I can't imagine any reason why I would want to keep the list of users secret, especially as some things require that list in order to work properly. Don't forget that the chroot would have to use a redacted /etc/passwd and you would need a separate copy for each user... but I guess that is doable via automatic scripts. Then again, just because I can't imagine a reason for doing something doesn't mean that someone somewhere won't want to use it!

Dave
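
Added example, not part of the original thread or of suPHP: a sketch of the "automatic scripts" idea above, writing one redacted passwd copy per user for a chroot. The function names, the jail directory layout and the UID threshold of 1000 for "human" accounts are assumptions; the sample input is constructed.

```shell
#!/bin/sh
# Constructed sample passwd(5) data, not taken from a real system.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1001:1001:Alice:/home/alice:/bin/sh
bob:x:1002:1002:Bob:/home/bob:/bin/sh
broken-line-without-fields
EOF
}

# redact_passwd KEEP_USER [MIN_HUMAN_UID]
# Reads passwd lines on stdin and prints only system accounts (UID below
# the threshold, assumed 1000) plus KEEP_USER's own entry.
redact_passwd() {
    awk -F: -v keep="$1" -v min="${2:-1000}" '
        NF != 7 { next }                 # drop malformed lines
        $1 == keep || ($3 + 0) < min     # no action block: print the line
    '
}

# build_chroot_passwd SRC JAIL_ROOT [MIN_HUMAN_UID]
# For every human account in SRC, writes JAIL_ROOT/<user>/etc/passwd
# (hypothetical layout) containing that user's redacted copy.
build_chroot_passwd() {
    src=$1; root=$2; min=${3:-1000}
    # Only accept plain login names so a name can never escape JAIL_ROOT.
    awk -F: -v min="$min" '
        NF == 7 && ($3 + 0) >= min && $1 ~ /^[a-z_][a-z0-9_-]*$/ { print $1 }
    ' "$src" |
    while IFS= read -r user; do
        mkdir -p "$root/$user/etc"
        redact_passwd "$user" "$min" < "$src" > "$root/$user/etc/passwd"
        chmod 644 "$root/$user/etc/passwd"
    done
}

# Demo: the view alice would get inside her chroot.
sample_passwd | redact_passwd alice
```

Each copy goes stale when accounts change, so the script would have to be re-run after every user addition or removal.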
