How to secure /etc/passwd

Discussion in 'General Discussion' started by morfargekko, Oct 12, 2007.

  1. morfargekko

    morfargekko Member

    Hi, is there any way to secure /etc/passwd so that it can't be read and still have cPanel work as it should? I am running cPanel 11.15.0-R17659, phpsuexec and have open_basedir enabled (even if it doesn't seem to work with phpsuexec).
     
  2. kudos

    kudos Member

    I would also like this answered.
     
  3. astopy

    astopy Well-Known Member

    I am almost certain that is not possible. Users being able to read /etc/passwd shouldn't be a security problem anyway.
     
  4. rustelekom

    rustelekom Well-Known Member
    PartnerNOC

    It's possible, but with kernel patches, like grsecurity and SELinux.
     
  5. morfargekko

    morfargekko Member

    How can you say that? There are ways to decrypt MD5 passwords! :eek:
     
  6. rustelekom

    rustelekom Well-Known Member
    PartnerNOC

    In /etc/passwd you will not find any hash, only usernames, path to home, shell, etc.
    And I should say again that it is possible to restrict access to /etc/passwd. If you run any user with jailshell you can check it yourself: you can read /etc/passwd but you will see only your own records (i.e. those of the user under which you try to get access to /etc/passwd).
    If you use PHP as a module then it will be impossible, as Apache should have access to user files, but with PHP as CGI you can restrict access to system files and even to docroot (suPHP can restrict at least, but only for PHP). If you use grsec you can restrict access for any users (including the root user) and for any server files, and set security rules. Of course it is not very easy work.
     
  7. weetabix

    weetabix Well-Known Member

    Passwords should be shadowed and not written out, even if they are encrypted, in your /etc/passwd.
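
An added example (not part of the thread and not cPanel code) for checking the points made in the last two posts: that field 2 of a passwd-format file holds no hash, and, going slightly beyond the thread, that the file holding the hashes is not world-readable. The function names and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Audit a passwd-format file for entries that are not properly shadowed.
# Layout: name:password:UID:GID:GECOS:home:shell (7 colon-separated fields).

# audit_passwd FILE -> prints "<user>:<finding>" per problem found
#   unshadowed : field 2 is not "x", "*" or "!" (a hash stored in passwd itself)
#   empty      : field 2 is empty (no password required to log in)
#   uid0       : an account other than root has UID 0
#   malformed  : the line does not have 7 fields
audit_passwd() {
    awk -F: '
        /^#/ || /^[ \t]*$/ { next }                 # skip comments and blank lines
        NF != 7 { print $1 ":malformed"; next }
        $2 == "" { print $1 ":empty" }
        $2 != "" && $2 != "x" && $2 !~ /^[*!]+$/ { print $1 ":unshadowed" }
        $3 == 0 && $1 != "root" { print $1 ":uid0" }
    ' "$1"
}

# world_readable FILE -> exit status 0 if the "other" read bit is set.
# /etc/passwd is expected to be world-readable; /etc/shadow must not be.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Constructed sample data, not taken from a real system.
# The value in the "legacy" entry is a placeholder, not a real hash.
make_sample() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:x:1001:1001::/home/alice:/bin/sh
legacy:$1$CONSTRUCTED$placeholderhashvalue000:1002:1002::/home/legacy:/bin/sh
nopass::1003:1003::/home/nopass:/bin/sh
toor:x:0:0::/root:/bin/sh
EOF
}

# Demo run on the constructed sample.
tmp=$(mktemp) && make_sample "$tmp" && audit_passwd "$tmp"
rm -f "$tmp"

# On a real host (as root):
#   audit_passwd /etc/passwd
#   world_readable /etc/shadow && echo "WARNING: /etc/shadow is world-readable"
```

No output from `audit_passwd /etc/passwd` means every account has its hash in the shadow file, which is the state the replies above describe.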
     