Privacy Concerns (Was: Re: Ports)

[Brian Kifiak <bk_(_at_)_localhost_(_dot_)_ca>]

> Privacy issues are a valid thing to consider

Since we're within passing distance of the subject, I have a question.  Someone
recently asked me how they could stop people from getting names of the other
users on a system they administrate.  I was wondering why anyone would care,
but I was quickly jerked into the reality of spam.  It seems as though someone
from a competing ISP had gotten a (legitimate) account on a system of ~3000
users and had spammed all the users (probably to "enlighten" the users by
showing them that they're a supurior buisness, schoff).

Bottom line: the solution needs to be able to withstand a fairly determined
attack.  (Low level programming voodoo could be used against the system.)

Anyways, what types of solutions could they look at?  It would be a shame to
loose functionality (and in turn some user would ask the administrator to add 
some feature they're now missing) or compatibility.

Worst case, would changing the permissions on the passwd and group file work?  
Would it cripple anything in the process?  Cripple woudln't include forcing
users to use numeric UID's instead of symbolic names, that's why this would
probably be worst case scenario.

Are there any other options?  Patches?