Subject: Re: root, toor, csh, sh... (LONG)
To: Marc Baudoin <babafou@babafou.eu.org>
From: John Nemeth <jnemeth@cue.bc.ca>
List: netbsd-advocacy
Date: 03/18/1999 21:43:25
Date: Thu, 18 Mar 1999 21:43:25 -0800
Message-Id: <199903190543.VAA15936@cue.bc.ca>
In-Reply-To: Marc Baudoin <babafou@babafou.eu.org>
       "root, toor, csh, sh... (LONG)" (Mar 16,  9:55pm)
To: Marc Baudoin <babafou@babafou.eu.org>, netbsd-advocacy@NetBSD.ORG

On Mar 16,  9:55pm, Marc Baudoin wrote:
}
} I love NetBSD because it runs on so many architectures.  This

     This is one of my big reasons for choosing NetBSD as opposed to
say, FreeBSD.  Because of its portability, I feel that NetBSD is more
true to the spirit of UNIX.  I realise that this is a religious
argument, but so be it.

} feature is not an accident, it's a direct result of the clean
} design of the kernel.  But we should also care about the
} cleanliness of the userland.

     Although more work can be done in this area, I feel that NetBSD
is already one of the cleanest systems.  I feel that rc.conf is much
cleaner and more flexible (not to mention easier to configure) than
the abomination that rc?.d/* is.

} I'd really like NetBSD to spread and have a wider impact than it
} already has.  Much work has been done and much work still needs
} to be done.

     I would like to see that too, but not at the expense of its
cleanliness.

} I think our main concern in this discussion should be new users,
} should they be novice, advanced or in between.

     These groups have different requirements.  It's very hard to
cater to everybody at the same time, without making a mess of the
whole thing and annoying everybody.

} The fact that the standard NetBSD installation ships a second
} root account (the famous toor) that triggers a warning in
} /etc/security and phony accounts that don't seem necessary
} (operator) or even are not necessary (news, ingres and falken) is
} wrong, or so I think.

     Whenever you get a warning, you have to ask "Is it the warning or
the thing that is being warned about that is wrong?"

} toor is wrong because it gives a sentiment of poor security in
} NetBSD (even if it's disabled, it's still a second root account

     People that get a sentiment of poor security from that don't know
anything about security.  A disabled account with the same uid as
another is security neutral (it neither enhances nor detracts from the
security of the system).

} always been like that.  Tradition and the technical ideal of
} NetBSD don't mix well...

     Maybe not always, but many times they do.

}-- End of excerpt from Marc Baudoin