AW: [suse-security] Info on passwords
when i install suse my passwd file have a lot of users, like dbmaker and so on. How can i know these users password ? Um Abraco.
to increase the system-security set the shell of this user to "/bin/false"
Michael Hamm wrote:
when i install suse my passwd file have a lot of users, like dbmaker and so on. How can i know these users password ? Um Abraco.
to increase the system-security set the shell of this user to "/bin/false"
i would not do this, some of these users have to run a shell to execute regular tasks - but i do not know which of them ;-) - setting the shell to /bin/false would prevent them from doing this ... suse: can you please state for which users in /etc/passwd this would be acceptible and which have to run a shell? *greetz* from vienna Hannes -- Johann Georg Hautzinger, email: trema@eic.at, Tel.: 531 00 1907 Erste Bank AG - OE 0423 - Orga./Entw. Treasury u. Orga.Wertpapier Boersegasse 14, 1010 Wien http://treasury.erstebank.at
On Tue, Nov 30, 1999 at 09:41:23AM +0100, Johann G. Hautzinger wrote:
to /bin/false would prevent them from doing this ... suse: can you please state for which users in /etc/passwd this would be acceptible and which have to run a shell?
Hi all, Personally I think it is ridiculous that I have users: informix, db2[...], amande, virtuouso etc etc when I don't use or intend to use them on this boxen. Why should I have all these accounts and they are not even attached to *real* users or processes? Can you not make the installation remove the users that are not needed and install the users when an app does need them? I can understand why you might have done it this way, but there is a better solution to addressing the needs of the new linux user. tflat -- _________________________________________________________ James F. Wilkus http://www.xnot.com/editek Licq 10933411 geek by nature, linux by choice
Why should I have all these accounts and they are not even attached to *real* users or processes? Can you not make the installation remove the users that are not needed and install the users when an app does need them? I can understand why you might have done it this way, but there is a better solution to addressing the needs of the new linux user.
It's actually the item that annoys me most with a freshly installed SuSE system: I have to clean it up. 80% of /etc/skel/ is superflous, /etc/passwd and /etc/shadow is a mess, quite a few empty directories are hanging around etc. And yes, I think it's a security issue. A few unneeded services are running without my explicit permission. That's the wrong way round. Andre' -- Andre' Poenitz ...................... poenitz@mathematik.tu-chemnitz.de
Quoting Michael Hamm (Michael.Hamm@eurobase.lu) on Tue, Nov 30, 1999 at 09:06:58AM +0100:
when i install suse my passwd file have a lot of users, like dbmaker and so on. How can i know these users password ? Um Abraco.
to increase the system-security set the shell of this user to "/bin/false"
Do this only on 6.3. For anything below that, write your own false program to replace the delivered shell script: main () {exit (123)}; cheers afx -- SuSE Muenchen GmbH Phone: +49-89-42769-0 Stahlgruberring 28 Fax: +49-89-42017701 D-81829 Muenchen, Germany May the Source be with you!
participants (5)
-
Andre' Poenitz
-
Andreas Siegert
-
James F Wilkus
-
Johann G. Hautzinger
-
Michael Hamm