Subject: Re: Unnecessary standard accounts (Was: Root, toor accounts.)
To: Marc Baudoin <babafou@babafou.eu.org>
From: Perry E. Metzger <perry@piermont.com>
List: netbsd-users
Date: 03/15/1999 16:52:28
How about we disable user operator's shell and be done with it?


Marc Baudoin <babafou@babafou.eu.org> writes:
> David Brownlee <abs@anim.dreamworks.com> =E9crit :
> > =

> > 	As an added bonus the operator user is not in the operator group,
> > 	so cannot run shutdown even if you give it a valid password.
> > 	Aaaaah...
> > =

> > 	My inclination wold be to:
> > 	a) Put operator in the operator group. This at least opens the
> > 	   possibility of it being useful as an operator.
> > 	b) Switch its default shell to /sbin/nologin to quiet security.
> =

> Whereas the operator group is extremely useful, I still don't
> think the operator user is.  But your proposal is OK if you want
> to keep the operator user.
> =

> -- =

> Marc Baudoin   -=3D-   <babafou@babafou.eu.org>