Hi,
I have same problem,also i see user can see content of following file:
cat /etc/passwd
I asked this from Liquidweb management team for server i have there and they answered following, i am sure they do best but i want to make sure in such case server is secure or is it security issue:
/bin contains the files that are needed for a customer to run commands such as ls, cat, vim, tar, etc. Each of those is actually a small program that is stored in the /bin directory. If a user did not have read and execute permissions on the /bin directory, they would not be able to execute Linux commands. It would be a security issue if a user were able to write to the /bin directory and change the files there, but as I demonstrated in the previous reply that is not possible.
I am not able to access the new link you provided, it times out for me. However, users often require read access to /etc as well as many configuration files reside there. Again, the user with the shell does not have write access to /etc. /etc/passwd does not have particularly sensitive information, just the names and ID numbers of users on the server. There are no actual passwords stored there, those are in /etc/shadow which I have confirmed that this user does not have access to.
