Posted by Toby A Inkster on 03/21/07 15:33

Rocky Zhou wrote:

> I found that it realy can read the passwd file!

Yep, it is normal that /etc/passwd is globally readable on Linux/UNIX
systems. If it could not be read by all processes, they'd be unable to map
between numeric UIDs and usernames -- this would negatively effect common
utilities like "ps" and "ls".

This might *sound* like a security problem, but traditionally passwords in
/etc/passwd are stored in an encrypted format using the "crypt" algorithm.
Whatsmore, most modern distributions no longer keep passwords in
/etc/passwd, but keep it in /etc/shadow instead, which has tighter
security -- /etc/passwd just holds less sensitive information, such as
usernames, UIDs, default group, home directory path, default shell and
so on.

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact
Geek of ~ HTML/SQL/Perl/PHP/Python*/Apache/Linux

* = I'm getting there!

• Next in forum: accessing numerical array index in foreach
• Prev in forum: Link parameter problem
• Thread view: Re: php program can read /etc/passwd?

[Reply to this message]