Subject: Re: Minor /etc/security problems
To: Martin J. Laubach <mjl@emsi.priv.at>
From: Curt Sampson <cjs@cynic.net>
List: tech-security
Date: 12/30/1998 15:07:15

On Wed, 30 Dec 1998, Martin J. Laubach wrote:

>   For one, it's inconsistent with all the other packages -- NetBSD
> doesn't ship with a http, a squid, a backup, a you-name-it account,
> just because someone somewhere might have a need for it.

Well, the web server and squid normally run as `nobody.' Operator
fulfills the function of a `backup' account. We already have a news
account, despite shipping with no news software. We're planning to
add `mail' for postfix.

>   Perhaps the description of a package should mention that it will
> create a new account if not already there, so one can create one
> with whatever UID one likes before. Or perhaps the packages shouldn't
> create accounts on their own at all (I'd prefer that variant, I was
> quite upset when the amanda package created a 'backup' user), but
> instead just complain that the account is not there, and one should
> pretty please create it beforehand.

Well, what is most important to me is just to have a standard set
of UIDs and passwd entries for all this stuff. It doesn't have to
be in the master.passwd file as shipped. What about reserving all
IDs below 100, and shipping a separate file that contains master.passwd
entries for these IDs? Then those of us who want the standard IDs
can just copy the ones we want into master.passwd.

However, I'd still prefer shipping them all in master.passwd to
start with. The reasons for this are as follows:

1. Experienced administrators, I should think, always edit
master.passwd to their taste on system startup anyway, and thus
can remove these IDs quite easily. (There are several files in this
category; inetd.conf is another one that generally is going to be
edited by any security-conscious admin.)

2. Novice users will find life easier if they can add binary packages
like MySQL and have it run securely (not as root) without having
to deal with adding a userid.

3. I don't see any real security problems with having users in
master.passwd that have the password set to * and /sbin/nologin as
the shell.

cjs
--
Curt Sampson  <cjs@cynic.net>   604 801 5335   De gustibus, aut bene aut nihil.
The most widely ported operating system in the world: http://www.netbsd.org
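
An added example, not part of the original message or of NetBSD: a small audit of master.passwd-format text that checks every reserved ID (below 100, the limit proposed above) has `*` as its password and /sbin/nologin as its shell, and that no reserved UID is assigned twice. The sample entries, the INTERACTIVE exemption for root and all function names are assumptions made for illustration.

```python
from typing import NamedTuple

RESERVED_UID_LIMIT = 100   # the message proposes reserving all IDs below 100
INTERACTIVE = {"root"}     # assumption: reserved accounts allowed a real login
FIELDS = 10                # name:passwd:uid:gid:class:change:expire:gecos:home:shell

# Constructed sample in master.passwd format (not taken from any real system).
SAMPLE = """\
root:CONSTRUCTEDHASH:0:0::0:0:Charlie &:/root:/bin/csh
operator:*:2:5::0:0:System &:/usr/guest/operator:/sbin/nologin
news:*:6:8::0:0:Network News:/var/spool/news:/sbin/nologin
mysql::50:50::0:0:MySQL daemon:/var/mysql:/sbin/nologin
backup:*:51:51::0:0:Backup user:/var/backup:/bin/sh
squid:*:51:52::0:0:Squid proxy:/var/squid:/sbin/nologin
alice:CONSTRUCTEDHASH:1000:100::0:0:Example user:/home/alice:/bin/ksh
broken:line
"""

class Finding(NamedTuple):
    line: int
    name: str
    problem: str

def audit(text, limit=RESERVED_UID_LIMIT):
    """Return findings for reserved-range accounts that are not locked down."""
    findings, seen = [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue
        f = raw.split(":")
        if len(f) != FIELDS or not f[2].isdigit():
            findings.append(Finding(n, f[0], "malformed entry"))
            continue
        name, passwd, uid, shell = f[0], f[1], int(f[2]), f[9]
        if uid >= limit or name in INTERACTIVE:
            continue  # ordinary users and exempted accounts are out of scope
        if passwd != "*":  # an empty field means no password is required
            findings.append(Finding(n, name, "password field is not '*'"))
        if shell != "/sbin/nologin":
            findings.append(Finding(n, name, "shell is not /sbin/nologin"))
        if uid in seen:  # a standard ID set needs one owner per UID
            findings.append(Finding(n, name, f"UID {uid} already used by {seen[uid]}"))
        seen.setdefault(uid, name)
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"line {f.line}: {f.name}: {f.problem}")
```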