Thread: /etc/passwd and /etc
-
04-08-2012, 03:28 AM #1 Newbie
- Join Date
- May 2010
- Posts
- 12
/etc/passwd and /etc
Hi, is it normal that some users in the system can list files in /etc and /etc/passwd?
Can you confirm if this is true:
Is it normal that the server allows a user to list all users with PHP? This is part of a cPanel server; this is done by getting a list of the directories in /home/
Is it normal that a user with PHP can see all the contents of /etc?
The contents of /etc shouldn't be 100% viewable, but yes, some files will be viewable
Is it normal that a user can check /etc/passwd?
All users must be able to access this file in order for the operating system to spawn shells
I want to know if it is safe that one user with PHP can read /etc/passwd and see all the information that this file has.
Thanks, Daniel.
-
04-08-2012, 04:14 AM #2 WHT Addict
- Join Date
- Jul 2008
- Location
- Manitoba, Canada
- Posts
- 122
Enabling open_basedir should remedy this for you.
Scott M. | RDS//Hosting
Business Web Hosting Solutions Since 2004
Personal, Semi-Dedicated Business, DirectAdmin Reseller Accounts
http://www.rdshosting.net | PH. 1.877.442.7674
-
04-08-2012, 07:20 AM #3 Aspiring Evangelist
- Join Date
- Sep 2010
- Posts
- 407
Yes, /etc/passwd is world readable, it's really /etc/shadow that shouldn't be.
-
04-08-2012, 08:54 AM #4 Web Hosting Master
- Join Date
- Mar 2003
- Location
- Canada
- Posts
- 9,072
Perfectly normal and safe for users to be able to view /etc/passwd and most files under the /etc/ directory. As Chris pointed out, it's the /etc/shadow file that the users shouldn't be able to read - it's what contains the actual password hashes.
RACK911 Labs | Penetration Testing | https://www.RACK911Labs.ca
www.HostingSecList.com - Security Notices for the Hosting Community.
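The passwd/shadow distinction discussed in this thread can be checked directly. The script below is an added example, not code from any poster: it flags password hashes or empty password fields left in a world-readable passwd file and flags a shadow file that "other" can read. The function names and the sample accounts in `demo` are constructed for illustration.

```sh
#!/bin/sh
# Added example; the sample account data in demo() is constructed.

# List accounts whose passwd password field (field 2) is not a placeholder:
# a hash kept in the world-readable file, or an empty field.
passwd_field_findings() {
    awk -F: '
        /^#/ || NF < 7 { next }   # skip comments and malformed lines
        $2 == "" { print $1 ": empty password field"; next }
        $2 != "x" && $2 != "*" && $2 !~ /^!/ { print $1 ": hash in passwd" }
    ' "$1"
}

# Succeed when the "other" read bit is set on the file.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# audit PASSWD SHADOW: print one line per finding.
audit() {
    passwd_field_findings "$1"
    if ! world_readable "$1"; then
        echo "$1: not world-readable, unprivileged lookups will break"
    fi
    if world_readable "$2"; then
        echo "$2: world-readable, password hashes exposed"
    fi
}

demo() {
    d=$(mktemp -d)
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daniel:x:1001:1001::/home/daniel:/bin/bash
legacy:$6$CONSTRUCTED$notarealhash:1002:1002::/home/legacy:/bin/bash
nopass::1003:1003::/home/nopass:/bin/bash
EOF
    printf 'root:!:19000:0:99999:7:::\n' > "$d/shadow"
    chmod 644 "$d/passwd" "$d/shadow"   # shadow deliberately too open
    audit "$d/passwd" "$d/shadow"
    rm -rf "$d"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

On a live server, sourcing the functions and running `audit /etc/passwd /etc/shadow` should print nothing when field 2 holds only placeholders and shadow is closed to other users.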