var sidebar_align = 'right';
var content_container_margin = parseInt('290px');
var sidebar_width = parseInt('270px');
/etc/passwd and /etc
Hi is normal that some user in the sistem can list files in /etc and /etc/password?
Can you confirm if this is true:
is normal that the server allow a user to list all users with php? This is part of a cPanel server, this is done by getting a list of the directories in /home/
Is normal that a user with php can see all contenct of /etc?
The contents of the /etc shouldn't be 100% viewable but yes some files will be viewable
is normal that a user can check the /etc/passwd?
All users must be able to access this file in order for the operating system to spawn shells
I want to know if is safely that one user with php can read /etc/passwd an see al information that this file have
Enabling open_basedir should remedy this for you.
RDS / / Hosting
Business Web Hosting Solutions Since 2004 Personal, Semi-Dedicated Business, DirectAdmin Reseller Accounts
| PH. 1.877.442.7674
Yes, /etc/passwd is world readable, it's really /etc/shadow that shouldn't be.
- Servers, Colocation, IP Transit
Performance, Reliability, Security
New York • Philadelphia • London • Salt Lake City
Perfectly normal and safe for users to be able to view /etc/passwd and most files under the /etc/ directory. As Chris pointed out, it's the /etc/shadow file that the users shouldn't be able to read - it's what contains the actual password hashes.
By robocap in forum Hosting Security and Technology
Last Post: 10-22-2012, 01:46 AM
By mmanickaraj in forum Hosting Security and Technology
Last Post: 07-20-2008, 02:17 PM
By HD Fanatic in forum Hosting Security and Technology
Last Post: 03-04-2007, 07:40 PM
By PresFox in forum Hosting Security and Technology
Last Post: 06-23-2005, 03:31 PM
By jasonkw in forum Hosting Security and Technology
Last Post: 06-25-2003, 11:12 AM
Related Posts from theWHIR.com