Re: Base-passwd issues
Galen Hazelwood writes:
> Okay, it's obvious that my new base-passwd release has gone over like a
> lead balloon. Oddly enough, nobody complained when I floated my ideas
> on debian-devel a long time ago, and when I released it to experimental,
> all I got was complements (and a few reasonably easy bug reports). Then
> I put it in unstable, and WHAM!
:-)
> Giuliano P Procida wrote:
> > 1. The stupidity is in the lack of prompting. Renaming, numbering or
> > deleting users and groups must be done with the sysadmin's consent.
> > Prompting for cornfirmation should be onby default.
>
> The uids between 0 and 99 are sacred, and allocated globally on all
> Debian systems. Since no program can tell the difference between your
> changes and obsolete stuff which needs changing, I'll add prompting to
> update-passwd, but that (in my mind) destroys the whole point of the
> package: perfectly transparent and automatic upgrades. Any newbies who
> actually run update-passwd will get scared by the prompting and start
> saying "no", and their passwd and group files will never get upgraded.
> :(
I agree that we should have less prompts. However, this one might be a good
idea. But anyway, you shouldn't change 0-99 by hand! But base-passwd should
be able to handle automatic adjustments like lshell changing the shells. But
then I wonder if it would be better to not change the shells for user 0-99
in lshell's postinst.
> > 3. Why no ftp or dos groups? What group would you put in their place?
>
> I asked people about adding an ftp group to the master passwd file, but
> was told that the mere _existance_ of an ftp user (on an system which
> doesn't want to do anonymous ftp) constitutes a security hole. Is this
> true? If not, I'll go ahead and put it in as UID 11.
Yes, it is. Please keep user ftp out of it.
Michael
--
Dr. Michael Meskes, Project-Manager | topsystem Systemhaus GmbH
meskes@topsystem.de | Europark A2, Adenauerstr. 20
meskes@debian.org | 52146 Wuerselen
Go SF49ers! Go Rhein Fire! | Tel: (+49) 2405/4670-44
Use Debian GNU/Linux! | Fax: (+49) 2405/4670-10
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: