I got new server and after Webmin fresh install (and setup users and virtual servers), i noticed that user can view whole filesystem via FTP. So if you have /any-name/ user, this user can go to UP level, check all other users /but don’t have access to go into this user accounts/, also can go 1 level upper and check all directories.
I check, that all users on this server have the same permissions as the users on other server, where they cann’t view whole filesystem.
What is interesting that i setup the same Centos 6.7 template, install Webmin (as on other servers), but for whatever reason, user on this server has rights to see the shadow file
However, non-root users should never be able to read the shadow file – if that’s the case, it sounds like the shadow file may have the wrong permissions.