Dave Ingram wrote:
> Giuseppe Iannello wrote:
>>>> This will allow "root" and "others" (e.g. all daemons) to read /etc/passwd
>>>> but disallow it for users of the webusers group. Much easier than setting
>>>> up a vhost environment for each user :-)
>>>>
>>>>
>>> I meant "chroot environment", of course.
>>>
>>> Best regards,
>>> Roland Tapken
>>>
>>>
>> Sometimes I feel stupid.
>> (at least in Debian) /etc/passwd DOESN'T contain passwords. They are
>> stored in /etc/shadow, which is NOT readable by users.
>>
> That has been the case for quite some time.
> http://en.wikipedia.org/wiki/Shadow_password suggests that using
> shadow passwords has been part of various Linux distributions since 1992.

Yep, you're right. I just forgot it :D

>
>> so there is no need to protect /etc/passwd from reading, except if you
>> don't want to disclose the list of local users.
>> In that case, you must go with the chroot stuff, otherwise it would be
>> (at least) possible to list directories in /home
>>
> Indeed. I can't imagine any reason why I would want to keep the list
> of users secret, especially as some things require that list in order
> to work properly. Don't forget that the chroot would have to use a
> redacted /etc/passwd and you would need a separate copy for each
> user... but I guess that is doable via automatic scripts.
>
> Then again, just because I can't imagine a reason for doing something
> doesn't mean that someone somewhere won't want to use it!

Well, nothing running at user level requires the list of users on the system. The chroots have an /etc/passwd, magically created by make_chroot_jail.sh.

The reason is simple. I run a hosting platform with different users on the same server. What if the user "billgates" descends to /home or does a "cat /etc/passwd" and discovers a "stevejobs" user? I don't want to lose customers, so I prefer not to let them know who my other customers are.

--
Giuseppe Iannello
System administrator

_______________________________________________
suPHP mailing list
[email protected]
https://lists.marsching.com/mailman/listinfo/suphp
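
The per-user redacted /etc/passwd discussed in the thread, sketched as an added example: it is not part of the original messages and is not the code of make_chroot_jail.sh. The function names, the `<jail>/etc/passwd` layout and the sample accounts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: build a per-customer passwd file for a chroot jail.
# Function names and the jail layout (<jail>/etc/passwd) are assumptions.

# Print only the entries for root and the one named user from passwd file $1.
# awk compares field 1 exactly, so "bill" never matches "billgates".
redact_passwd() {
    src=$1 user=$2
    case $user in
        ''|*[!a-z0-9_-]*) echo "invalid user name" >&2; return 2 ;;
    esac
    awk -F: -v u="$user" '
        $1 == "root" || $1 == u { print }
        $1 == u { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$src"
}

# Write the redacted file to <jail>/etc/passwd, replacing it atomically
# and only if the user exists in the source file.
write_jail_passwd() {
    src=$1 user=$2 jail=$3
    mkdir -p "$jail/etc" || return 1
    tmp=$(mktemp "$jail/etc/passwd.XXXXXX") || return 1
    if redact_passwd "$src" "$user" > "$tmp"; then
        chmod 644 "$tmp" && mv -f "$tmp" "$jail/etc/passwd"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Constructed sample data (not a real system's accounts).
demo() {
    work=$(mktemp -d) || return 1
    cat > "$work/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
bill:x:1000:1000::/home/bill:/bin/sh
billgates:x:1001:1001::/home/billgates:/bin/bash
stevejobs:x:1002:1002::/home/stevejobs:/bin/bash
EOF
    write_jail_passwd "$work/passwd" billgates "$work/jail" &&
        cat "$work/jail/etc/passwd"
    rm -rf "$work"
}
demo
```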
