Hello all,
I set up a small Nextcloud server (latest versions, etc etc) and i noticed that the user www-data, under which everything runs, executes the following command:
cp --dereference --preserve=all /etc/passwd /tmp/coolwsd.dZO3nCn3iA/systemplate/etc/passwd
From what i gather, /tmp/coolwsd.dZO2nCn5iU/ is a temporary jail that collabora runs in, but the fact that it copies /etc/passwd worries me a bit.
Does anyone know why this is happening?
Hello @Slogan4682
Don;t worry about passwords 
That cp command is part of how systemplate chroots (the isolated jail environments for document processes) are prepared. Here’s what’s going on:
/tmp/coolwsd.*), so that even if a document process is compromised, it doesn’t have access to the real host filesystem./etc/passwd, /etc/group, locale files, fonts, etc. Without /etc/passwd, processes inside the jail may fail when calling library functions that look up user or group information.cp --dereference --preserve=all /etc/passwd … step copies the host’s /etc/passwd file into the jail so that those lookups work. Importantly, this does not expose /etc/passwd to other users — it just makes it available to the sandboxed process that Collabora spawns./etc/passwd, not the real one.Since /etc/passwd on modern Linux systems does not contain password hashes (those are stored in /etc/shadow, which is not copied), this is not a security risk. It only contains usernames, UIDs, GIDs, and shell/home directory info — essentially public information needed for system operation.
Thanks
Darshan
Thank you Darshan, what you said is also in the documentation, but you explained it much better!! Now i understand, thank you 