On Mon, 06 Jun 2005 07:50:58 +0200, Thorsten Kukuk <kukuk@suse.de> wrote:
When /etc/passwd and the user db files are not world readable, unprivileged users cannot get a list of other users.
A simple /bin/ls will also fail.
No; it returns the numeric userid instead of a name. But since each user already knows their own name, and sees only their own files, that is not a "failure" in my environment.
If /etc/passwd is not world readable, you can also delete it and don't need it.
No, it serves its purpose, except that users see their numeric userid instead of their user name, when listing their own files with /bin/ls. The user shell and other programs encounter the same restriction, but I've taken steps to minimize the impact on the user experience, and the users are satisfied.
And your method makes it only a little bit harder to get the list of users, not impossible.
No one, except root, has succeeded yet. Though I wonder how you presume to know all about my method.
nscd leaks user information
This is pure FUD.
When /etc/passwd is not world readable, it's a fact. But believe whatever you like.
getent passwd. It is a well defined interface to list all users. No need to write a C program for that.
It's nice you wrote getent. But for unprivileged users, it, too, does *not* return the list of users when /etc/passwd is not world readable.
I know more than you about this
So you say. But claiming nscd does the same as nss_db is FUD. I see Red Hat has support for SELinux in their version of nss_db; it must require some effort to keep pace with them. So if you're tired of packaging nss_db for Novell, I understand. But I wonder why you can't be bothered to simply use the work Red Hat already did for you; aren't we all one happy GPL family?

-- 
The sturgeon general says don't smoke fish