18

Is there any reason that /etc/passwd should be world-readable? It's not like password hashes that shouldn't be exposed; I just want to know why.

Gilles 'SO- stop being evil'
daisy
    I think when your shell of choice knows to expand `~user` to user's home directory, it's actually looking that up in `/etc/passwd`, so it's nice to have it readable instead of giving all shells elevated rights. – Ulrich Schwarz Aug 06 '12 at 09:46
  • Expanding "~" is a function of the $HOME variable: set $HOME to /var/tmp and then, if you do "cd ~", it will change to /var/tmp. – Saurabh Hirani Feb 21 '17 at 11:59

2 Answers

16

/etc/passwd is sometimes called the user database. That should give us a clue as to why it needs to be readable by everyone. Any utility that inspects file metadata needs to be able to read /etc/passwd (and /etc/group) in order to be able to resolve the numerical IDs used by the kernel and its subsystems to the human-friendly names that we rely on. Tools that need to find your home directory (mail delivery agents, etc.) look that information up in /etc/passwd, and inet miniservers like fingerd look up your details in /etc/passwd.

As has been pointed out elsewhere, there is no particularly sensitive data in the file, as modern systems put the password hashes in a shadow password file, which is readable only by root.

D_Bye
    Then, is it for historical reasons it is called `passwd` when in fact this name does not reflect what is in the file? – Emanuel Berg Aug 06 '12 at 15:07
    Yes, I think so. In very early versions of UNIX, the passwords were indeed stored in `/etc/passwd` (unencrypted at first!). By the time password hashes were moved out to a shadow file, many utilities already existed that relied on other pieces of information in `/etc/passwd`, so the name stuck. – D_Bye Aug 06 '12 at 15:22
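As an added illustration (not code from the answer above or from any system utility), the lookups the answer describes, carried out over a constructed passwd(5) sample, plus the check a reviewer of a world-readable file wants: that every password field is a shadow pointer or lock marker, never hash material. The sample lines and the `legacy` account's placeholder value are invented for the example.

```python
from dataclasses import dataclass
from typing import List, Optional

# 'x' means the hash lives in /etc/shadow; the rest mark a locked account.
SHADOW_MARKERS = {"x", "*", "!", "!!"}

@dataclass(frozen=True)
class PasswdEntry:
    name: str
    password: str  # a marker on modern systems, never a hash
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str

def parse_passwd(text: str) -> List[PasswdEntry]:
    """Parse passwd(5) records: seven colon-separated fields per line."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank lines and comments carry no record
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        name, pw, uid, gid, gecos, home, shell = fields
        entries.append(PasswdEntry(name, pw, int(uid), int(gid), gecos, home, shell))
    return entries

def uid_to_name(entries: List[PasswdEntry], uid: int) -> Optional[str]:
    """What ls -l does with the owner UID from stat(2): map it to a login name."""
    return next((e.name for e in entries if e.uid == uid), None)

def home_of(entries: List[PasswdEntry], name: str) -> Optional[str]:
    """What a mail delivery agent or ~user expansion needs: the home directory."""
    return next((e.home for e in entries if e.name == name), None)

def exposed_hashes(entries: List[PasswdEntry]) -> List[str]:
    """Accounts whose password field is neither a shadow pointer nor a lock marker."""
    return [e.name for e in entries if e.password not in SHADOW_MARKERS]

# Constructed sample in passwd(5) format. The 'legacy' line carries a fake,
# non-functional placeholder instead of the 'x' pointer to trigger the finding.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice Example:/home/alice:/bin/bash
legacy:$6$PLACEHOLDER$notarealhash:1001:1001:Old Account:/home/legacy:/bin/sh
"""
ENTRIES = parse_passwd(SAMPLE_PASSWD)
```

Pointing `parse_passwd` at a real `/etc/passwd` turns `exposed_hashes` into a quick audit that the hashes really did move to the root-only shadow file.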
9

/etc/passwd does not contain password hashes (so it is not a big issue). /etc/shadow contains the password hashes and is only readable by root (and the shadow group).

Manula Waidyanatha
    On some setups the passwords aren't even in that file because they are in LDAP or some other secured backend! – Tim Aug 06 '12 at 19:50