Hello @Slogan4682
Don;t worry about passwords 
That cp command is part of how systemplate chroots (the isolated jail environments for document processes) are prepared. Here’s what’s going on:
- Collabora runs each document in a jailed environment (a chroot-like container under
/tmp/coolwsd.*), so that even if a document process is compromised, it doesn’t have access to the real host filesystem. - To make that jail usable, Collabora needs to provide some basic system files inside it — for example,
/etc/passwd,/etc/group, locale files, fonts, etc. Without/etc/passwd, processes inside the jail may fail when calling library functions that look up user or group information. - The
cp --dereference --preserve=all /etc/passwd …step copies the host’s/etc/passwdfile into the jail so that those lookups work. Importantly, this does not expose/etc/passwdto other users — it just makes it available to the sandboxed process that Collabora spawns. - The reason it copies rather than mounts is to keep the jail isolated: the jailed process only sees a snapshot of
/etc/passwd, not the real one.
Since /etc/passwd on modern Linux systems does not contain password hashes (those are stored in /etc/shadow, which is not copied), this is not a security risk. It only contains usernames, UIDs, GIDs, and shell/home directory info — essentially public information needed for system operation.
Thanks
Darshan