Is there a standard way of stopping this, by configuration or some other means at source, that is the WebServer itself? Run the Web server in a chroot'ed partition. Of course, that won't stop someone from copying /etc/passwd to their own area -- you can make something foolproof, but not damnfoolproof.