I have an account on a shared host from which I run several websites, and I noticed that lslogins is working: I get a list of the other users on the machine, their UIDs, GIDs, time of last login, GECOS fields, last IP address from which login occurred, etc.
Would it be better for my provider to restrict lslogins or is this not something to worry about?
Unix and similarly Linux were designed to support multiple users from their very inception. As such, there is a fair amount of security to restrict a user's ability to attack other user's processes and such. While knowing who has an account on your machine may help you in an attack, it is likely not the key component, and not considered a terrible problem in the Linux model. This is fortunate as it can be difficult to restrict access to /etc/passwd file (the source of data for lslogins):
It should have general read permission as many utilities, like ls use it to map user IDs to user names, but write access only for the superuser/root account.
