etc/passwd

Is there any way to allow users to access the /etc/passwd file for commands like whoami but not be able to read the file? If I don't put a user in the security group and change the permissions on the /etc/passwd file to 640 (rw-r-----), the users can log in but the whoami command doesn't work for them. If I give other the read permission, whoami works but the user can also read the file. I want users to be able to run the whoami command but not see what is in the /etc/passwd file.

If you have "sudo", add that for the users. Or make it setuid.

I would suggest setting up sudo for whoami. If you want to make it completely transparent, set up sudo so the user doesn't need to type in a password, and then create an alias that does 'sudo whoami'.

You can't make /etc/passwd unreadable, because commands like "ls" rely on it to associate numeric uids to usernames.

If you make /etc/passwd unreadable to a user, then whenever that user types "ls -l", or certain other commands, they will just see numbers instead of usernames as the file owners.

Read the details of the SUID bit... and be very careful when using it.
It might cause security risks, but I think it can solve your problem.

Not sure what you're trying to do, but I highly recommend NOT altering the permissions on /etc/passwd. You're not improving security by doing this and will break something. /etc/security/passwd, which contains encrypted passwords, is already protected.
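
The points made in the replies above can be checked mechanically. This is an added example and not part of the original thread: a shell function that confirms a passwd-format file is world-readable, not writable by group or other, and carries no password hashes in its second field. The function name `audit_passwd`, the sample entries and the assumption that `x`, `*` or `!` in field 2 means the hash is stored elsewhere are all constructed for illustration.

```shell
#!/bin/sh
# audit_passwd FILE: print one finding per line; return 0 if clean, 1 otherwise.
# Assumption: "x", "*" or "!" in field 2 means the hash lives in a protected file.
audit_passwd() {
    file=$1; findings=0
    # Mode string from ls, e.g. "-rw-r--r--": char 6 = group w, 8 = other r, 9 = other w.
    mode=$(ls -ld "$file" | cut -c1-10)
    case $mode in
        ???????r??) ;;   # other-read is set, which name lookups need
        *) echo "MODE: not world-readable ($mode); uid-to-name lookups will fail"
           findings=1 ;;
    esac
    case $mode in
        ?????w????|????????w?) echo "MODE: writable by group or other ($mode)"; findings=1 ;;
    esac
    # Field 2 should hold only a marker, never a hash and never nothing.
    out=$(awk -F: '
        /^#/ || NF == 0 { next }
        $2 == "" { print "EMPTY: " $1 " has an empty password field"; next }
        $2 != "x" && $2 != "*" && $2 != "!" { print "HASH: " $1 " has a hash in a world-readable file" }
    ' "$file")
    if [ -n "$out" ]; then echo "$out"; findings=1; fi
    return "$findings"
}

# Constructed sample input (not real accounts; the hash is a placeholder string).
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:!:1001:100:Alice:/home/alice:/bin/sh
legacy:EXAMPLEHASH0000:1002:100:Legacy:/home/legacy:/bin/sh
guest::1003:100:Guest:/home/guest:/bin/sh
EOF
chmod 644 "$sample"
audit_passwd "$sample" || echo "findings above need attention"
rm -f "$sample"
```

Run it against a copy of the real file rather than the sample to check a live system; it only reads the file and its mode.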