/etc/passwd and /etc

  #1  
Newbie
 
Join Date: May 2010
Posts: 12

Hi, is it normal that some user in the system can list files in /etc and /etc/passwd?

Can you confirm if this is true:
Is it normal that the server allows a user to list all users with PHP? This is part of a cPanel server; this is done by getting a list of the directories in /home/

Is it normal that a user with PHP can see all the contents of /etc?
The contents of /etc shouldn't be 100% viewable, but yes, some files will be viewable

Is it normal that a user can check /etc/passwd?
All users must be able to access this file in order for the operating system to spawn shells

I want to know if it is safe that one user with PHP can read /etc/passwd and see all the information that this file has

Thanks, Daniel.



  #2  
WHT Addict
 
Join Date: Jul 2008
Location: Manitoba, Canada
Posts: 122
Enabling open_basedir should remedy this for you.

__________________
Scott M. | RDS//Hosting
Business Web Hosting Solutions Since 2004
Personal, Semi-Dedicated Business, DirectAdmin Reseller Accounts
http://www.rdshosting.net | PH. 1.877.442.7674

  #3  
Aspiring Evangelist
 
Join Date: Sep 2010
Location: Philadelphia
Posts: 401
Yes, /etc/passwd is world readable, it's really /etc/shadow that shouldn't be.

__________________
Chris Rogers - crogers@inerail.net
Inerail - Servers, Colocation, IP Transit
Performance, Reliability, Security
New York Philadelphia London Salt Lake City

  #4  
Security Ninja
 
Join Date: Mar 2003
Location: Canada
Posts: 8,768
Perfectly normal and safe for users to be able to view /etc/passwd and most files under the /etc/ directory. As Chris pointed out, it's the /etc/shadow file that the users shouldn't be able to read - it's what contains the actual password hashes.

__________________
Patrick William | RACK911 Labs | Software Security Auditing
300+ Vulnerabilities Found - Get a Quote @ http://www.RACK911Labs.com

www.HostingSecList.com - Security notices for the hosting community.
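
The distinction drawn in the replies above, as an added example that is not part of the thread: a Python check that a world-readable passwd file holds only placeholders in its password field and that the shadow file is not readable by other users. The sample entries, the made-up hash string and the function names are constructed for illustration.

```python
import os
import stat

# Constructed sample in passwd(5) format; the "hash" is a made-up placeholder.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
legacy:$6$examplesalt$NOTAREALHASH:1001:1001::/home/legacy:/bin/bash
guest::1002:1002::/home/guest:/bin/sh
broken:x:1003
"""

# Password-field values that reveal nothing: "x" defers to the shadow file,
# "*", "!" and "!!" mark accounts with no usable password.
PLACEHOLDERS = {"x", "*", "!", "!!"}

def passwd_findings(text):
    """Return (user, issue) pairs for entries unsafe in a world-readable file."""
    findings = []
    for line in text.splitlines():
        if not line.strip() or line.startswith(("#", "+", "-")):
            continue  # blank lines, comments, NIS compat entries
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((fields[0], "malformed entry"))
        elif fields[1] == "":
            findings.append((fields[0], "empty password field"))
        elif fields[1] not in PLACEHOLDERS:
            findings.append((fields[0], "hash or other value in passwd"))
    return findings

def mode_findings(path, is_shadow=False):
    """Return permission problems for a passwd-style or shadow-style file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    issues = []
    if mode & stat.S_IWOTH:
        issues.append("world-writable")
    if is_shadow and mode & stat.S_IROTH:
        issues.append("world-readable")
    return issues

if __name__ == "__main__":
    for user, issue in passwd_findings(SAMPLE_PASSWD):
        print(f"sample passwd: {user}: {issue}")
    for path, shadow in (("/etc/passwd", False), ("/etc/shadow", True)):
        if os.path.exists(path):
            print(path, mode_findings(path, shadow) or "ok")
```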
