Subject: Re: Root, toor accounts.
To: David Brownlee <abs@anim.dreamworks.com>
From: Marc Baudoin <babafou@babafou.eu.org>
List: netbsd-users
Date: 03/14/1999 21:58:51
David Brownlee <abs@anim.dreamworks.com> wrote:
> On Sat, 13 Mar 1999, Erik Bertelsen wrote:
> 
> > In fact I have a strong feeling that it is -plain wrong- to ship
> > NetBSD with a /etc/passwd that triggers the /etc/security script
> > unconditionally after a clean installation as is the current
> > situation :-(
> > 
> 	Amen. 

The operator user does also trigger a warning in /etc/security
after a clean install:

Login operator is off but still has a valid shell (/bin/csh)

As this user doesn't own a single file in a full installation, I
wonder if it's useful...

As I'm curious, I just ran some find commands on a 1.3.3 system I
just installed (full installation, just to be sure) and it raises
some questions:

- The daemon user only owns the /var/msgs/bounds file:
  -rw-rw-r--  1 daemon  staff  4 Mar 14 03:16 bounds
  Is it useful to have a user dedicated to this particular file?
  Can't it be owned by another user?

- The news user doesn't own any file.  Anyway, it's mandatory to
  have a news user when installing INN.  My question is:  should
  the news user be distributed in the standard passwd file
  whereas INN is not in the standard NetBSD distribution?  Then
  why not distribute more users such as ftp, pop or postfix, just
  in case?  I'd rather have a range of uids reserved for this
  kind of thing and the range clearly indicated in the passwd(4)
  man page or somewhere else in the NetBSD documentation.
  pkg_add could also make good use of this if it needs to create
  a dedicated user for a particular program.

- The ingres and falken users don't own any file.

Maybe the great spring housework of /etc/passwd could go a little
further...

-- 
Marc Baudoin   -=-   <babafou@babafou.eu.org>
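
An added example, not part of the original message and not NetBSD's /etc/security code: a shell function that reports, for each account, the two conditions discussed above (login off but shell still valid, and no files owned). The function name `audit_accounts`, the approximation of "off" as a password field starting with `*`, and the output format are assumptions made for this sketch.

```shell
#!/bin/sh
# audit_accounts PASSWD_FILE SHELLS_FILE ROOT   (hypothetical helper)
# PASSWD_FILE: colon-separated, master.passwd style; the shell is the last
#              field and the (hashed) password is the second field.
# SHELLS_FILE: one valid shell per line, as in /etc/shells.
# ROOT:        directory tree to search for files owned by each uid.
audit_accounts() {
    passwd_file=$1
    shells_file=$2
    root=$3
    while IFS=: read -r name pw uid rest; do
        # Skip blank lines and comments.
        case $name in ''|'#'*) continue ;; esac
        shell=${rest##*:}

        # Assumption: a login is "off" when its password field starts with '*'.
        locked=no
        case $pw in '*'*) locked=yes ;; esac

        # A shell is "valid" when it appears verbatim in SHELLS_FILE.
        valid=no
        if [ -n "$shell" ] && grep -qxF -- "$shell" "$shells_file"; then
            valid=yes
        fi

        # Count files owned by this numeric uid (-uid works even when the
        # account does not exist on the machine running the audit).
        owned=$(find "$root" -xdev -uid "$uid" -print 2>/dev/null | wc -l | tr -d ' ')

        flags=
        if [ "$locked" = yes ] && [ "$valid" = yes ]; then
            flags="off-but-valid-shell($shell)"
        fi
        if [ "$owned" -eq 0 ]; then
            flags="${flags:+$flags }owns-no-files"
        fi
        if [ -n "$flags" ]; then
            printf '%s: %s\n' "$name" "$flags"
        fi
    done < "$passwd_file"
    return 0
}
# Typical use, as root: audit_accounts /etc/master.passwd /etc/shells /
```

Accounts that are flagged with both conditions are the candidates for the cleanup suggested above; an account flagged only `owns-no-files` may still be needed by software installed later.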