[...]
Hello all, I posted the following message on the second of October, but unfortunately got no answer. If I have missed something, I apologize. On the second of May 2000 Marc Heuse from SuSE posted an *updated* security announcement regarding the package "aaa_base": 3. Solution 1) Update the package from our FTP server. 2) The root user will receive a email with the accounts listed which have a homedirectory in /tmp. You have to fix this by hand, because some installations might break if they rely on information saved in the (unsafe) /tmp homedirectory. The email will give more information what to do. [...]<< Of course I updated the package immediately. Unfortunately, however, I never got an eMail with information on how to do part 3.2 (I wonder if this happens only to me :-(; I do not find this problem on the list). Currently three users on my *server* system (SuSE 6.2 running httpd, ftpd, samba, and sendmail) have a homedirectory in /tmp: -- games (I haven' t installed any games...) -- wwwrun -- firewall (not installed on _this_ server...) Nobody's homedirectory is in /var/lib/nobody (nobody.nogroup). I changed that some time ago, following the instructions given in another security announcement by SuSE. My questions: What do I have to do in order to secure my system *without* breaking it up?! Should I delete the users 'games' and 'firewall'? Should I move the homedirectory of user 'wwwrun' to /var/lib/wwwrun (wwwrun.nogroup)? Thanks in advance! Kind regards, Peter -- Sent through GMX FreeMail - http://www.gmx.net