hosted by liquidweb

Go Back   Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : /etc/passwd and /etc

Forum Jump

/etc/passwd and /etc

Reply Post New Thread In Hosting Security and Technology Subscription
Send news tip View All Posts Thread Tools Search this Thread Display Modes
Join Date: May 2010
Posts: 12

/etc/passwd and /etc

Hi is normal that some user in the sistem can list files in /etc and /etc/password?

Can you confirm if this is true:
is normal that the server allow a user to list all users with php? This is part of a cPanel server, this is done by getting a list of the directories in /home/

Is normal that a user with php can see all contenct of /etc?
The contents of the /etc shouldn't be 100% viewable but yes some files will be viewable

is normal that a user can check the /etc/passwd?
All users must be able to access this file in order for the operating system to spawn shells

I want to know if is safely that one user with php can read /etc/passwd an see al information that this file have

Thanks, Daniel.

Sponsored Links
WHT Addict
Join Date: Jul 2008
Location: Manitoba, Canada
Posts: 122
Enabling open_basedir should remedy this for you.

Scott M. | RDS//Hosting
Business Web Hosting Solutions Since 2004
Personal, Semi-Dedicated Business, DirectAdmin Reseller Accounts | PH. 1.877.442.7674

Aspiring Evangelist
Join Date: Sep 2010
Location: Philadelphia
Posts: 405
Yes, /etc/passwd is world readable, it's really /etc/shadow that shouldn't be.

Chris Rogers -
Inerail - Servers, Colocation, IP Transit
Performance, Reliability, Security
New York Philadelphia London Salt Lake City

Sponsored Links
Security Ninja
Join Date: Mar 2003
Location: Canada
Posts: 8,826
Perfectly normal and safe for users to be able to view /etc/passwd and most files under the /etc/ directory. As Chris pointed out, it's the /etc/shadow file that the users shouldn't be able to read - it's what contains the actual password hashes.

Patrick William | RACK911 Labs | Software Security Auditing
400+ Vulnerabilities Found - Get a Quote @ - Security notices for the hosting community.


Similar Threads
Thread Thread Starter Forum Replies Last Post
Unable read /etc/passwd. /etc/passwd MUST be world readable under UN*X operating sys robocap Hosting Security and Technology 16 10-22-2012 01:46 AM
Permission denied: /home/airtrade/etc/ passwd mmanickaraj Hosting Security and Technology 1 07-20-2008 02:17 PM
/etc/passwd HD Fanatic Hosting Security and Technology 1 03-04-2007 07:40 PM
etc/passwd PresFox Hosting Security and Technology 7 06-23-2005 03:31 PM
/etc/passwd jasonkw Hosting Security and Technology 14 06-25-2003 11:12 AM

Related posts from
Title Type Date Posted

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Log in with your username and password

Forgot Password?
WHT Host Brief Email:

We respect your privacy. We will never sell, rent, or give away your address to any outside party, ever.

Web Hosting News:
WHT Membership
WHT Membership



Welcome to

Create your username to jump into the discussion! is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.

(4 digit year)

Already a member?