Why is /etc/passwd open to public for reading


Is there any reason that /etc/passwd should be world-wide readable? It's not like password hashes that shouldn't be exposed; I just want to know why.

Best Answer

/etc/passwd is sometimes called the user database. That should give us a clue as to why it needs to be readable by everyone. Any utility that inspects file metadata needs to be able to read /etc/passwd (and /etc/group) in order to be able to resolve the numerical IDs used by the kernel and its subsystems to the human-friendly names that we rely on. Tools that need to find your home directory (mail delivery agents, etc.) look that information up in /etc/passwd, and inet miniservers like fingerd look up your details in /etc/passwd.

As has been pointed out elsewhere, there is no particularly sensitive data in the file, as modern systems put the password hashes in a shadow password file, which is readable only by root.
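The lookup the answer describes, together with a check that no hash has been left in the world-readable file, as an added example that is not part of the original answer. The sample entries, the account names and the function names are constructed for illustration.

```python
import stat

# Constructed sample in passwd(5) format: name:passwd:uid:gid:gecos:home:shell
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice Example:/home/alice:/bin/bash
legacy:$6$constructedsalt$constructedhash:1001:1001::/home/legacy:/bin/sh
"""

FIELDS = ("name", "passwd", "uid", "gid", "gecos", "home", "shell")

def parse_passwd(text):
    """Return one dict per well-formed passwd(5) line."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 7 or not parts[2].isdigit() or not parts[3].isdigit():
            continue  # skip malformed lines rather than guess at them
        entry = dict(zip(FIELDS, parts))
        entry["uid"], entry["gid"] = int(parts[2]), int(parts[3])
        entries.append(entry)
    return entries

def uid_to_name(entries, uid):
    """Resolve a numeric owner ID to a login name, as ls -l does."""
    for entry in entries:
        if entry["uid"] == uid:
            return entry["name"]
    return str(uid)  # no entry: tools fall back to showing the number

def unshadowed_accounts(entries):
    """Names whose password field carries a hash instead of a placeholder."""
    flagged = []
    for entry in entries:
        field = entry["passwd"].lstrip("!")  # "!" marks a locked account
        if field not in ("x", "*", ""):      # "x" means "stored in shadow"
            flagged.append(entry["name"])
    return flagged

def world_readable(mode):
    """True if the 'other' read bit is set in a file mode."""
    return bool(mode & stat.S_IROTH)

if __name__ == "__main__":
    users = parse_passwd(SAMPLE_PASSWD)
    print(uid_to_name(users, 1000), unshadowed_accounts(users))
```

On a live system, `world_readable(os.stat(path).st_mode)` should be true for /etc/passwd and false for the shadow file, and `unshadowed_accounts` should return an empty list.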
