
I've done a lot of work, including custom source tweaks to certain user utilities, to prevent my users from getting to the /etc/passwd file, yet still give them important functions in their shell account, like gcc. My efforts are successful until I run nscd. Because nscd is running as root, he provides user names for all uids which exist, if a user compiles and runs this simple C program:

#include <stdio.h>
#include <pwd.h>

struct passwd *user;

int main (int argc, char **argv) {
    int uid;

    /* Ask the name service for every uid in turn; nscd answers as root. */
    for (uid = 0; uid < 65535; uid++) {
        user = getpwuid (uid);
        if (user != NULL)
            printf ("Found uid %d with name %s\n", uid, user->pw_name);
    }
    return 0;
}

This trivial example defeats my efforts to prevent users from getting a list of other users. So now I must stop running nscd, since he runs as root. Unless someone knows of a solution to this dilemma?

Egan
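
An added example, not part of the original message: a small audit that reads an nscd.conf and reports which identity databases nscd is configured to answer, since that is the setting behind the behaviour described above. When nscd does not serve the passwd database, glibc performs the lookup inside the calling process, under that user's own file permissions. The sample configuration is constructed, and the function names are hypothetical.

```python
# Added example: audit an nscd.conf for the databases nscd will answer on
# behalf of unprivileged callers. SAMPLE_CONF is constructed for illustration.

SAMPLE_CONF = """\
# constructed sample, not taken from a real host
server-user             nscd
enable-cache            passwd          yes
positive-time-to-live   passwd          600
enable-cache            group           yes
enable-cache            hosts           no
"""


def served_databases(conf_text):
    """Return {service: bool} for each 'enable-cache <service> <yes|no>' line."""
    state = {}
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()      # drop comments, then tokenize
        if (len(fields) == 3 and fields[0] == "enable-cache"
                and fields[2] in ("yes", "no")):
            # Assumption: if a service is listed twice, the last line wins.
            state[fields[1]] = (fields[2] == "yes")
    return state


def identity_exposure(conf_text, sensitive=("passwd", "group")):
    """List the identity databases that nscd is configured to serve."""
    state = served_databases(conf_text)
    # Assumption: a service with no enable-cache line is treated as not served.
    return sorted(s for s in sensitive if state.get(s, False))


if __name__ == "__main__":
    for svc in identity_exposure(SAMPLE_CONF):
        print(f"nscd answers {svc} lookups: permissions on /etc/{svc} "
              "do not restrict what callers can resolve")
```
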