As part of our security audit on any new boxen we deploy, we remove all spurious usernames from /etc/passwd and /etc/shadow However, when we updated aaa_base from ftp.suse.com, the RPM update gives this output: Updating /etc/passwd...unchanged Updating /etc/shadow...unchanged But it does change it - it restores all the spurious usernames (zope, amanda, codadmin etc etc) Surely all these usernames are not contained in the package's post-install script, so does it read them from somewhere else? (And really, why does it say it is leaving the files unchanged, when it clearly isn't?) -- James Ogley, Unix Systems Administrator, Pinnacle Insurance Plc james.ogley@pinnacle.co.uk www.pinnacle.co.uk +44 (0) 20 8731 3619 Using Free Software since 1994, running GNU/Linux (SuSE 8.0) Updated GNOME RPMs for SuSE Linux: www.usr-local-bin.org *********************************************************************** CONFIDENTIALITY. This e-mail and any attachments are confidential and may also be privileged. If you are not the named recipient, please notify the sender immediately and do not disclose the contents to another person, use it for any purpose, or store or copy the information in any medium. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Pinnacle Insurance Plc. If you have received this e-mail in error please immediately notify our Helpdesk on +44 (0) 20 8207 9555. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com **********************************************************************