Re: shell of place-holder accounts (shouldn't be a valid shell)

To: debian-devel@lists.debian.org
Subject: Re: shell of place-holder accounts (shouldn't be a valid shell)
From: john@dhh.gt.org
Date: 31 Jul 1998 17:57:39 -0500
Message-id: <[🔎] 87lnp9hbmk.fsf@hasler.dhh>
In-reply-to: cdulrich@ucdavis.edu's message of Fri, 31 Jul 1998 14:35:01 -0700
References: <[🔎] 199807312135.OAA11244@dilbert.ucdavis.edu>

Chris Ulrich writes:
> If a security hole in a program or a misconfigured machine allow a remote
> badguy to put a .rhosts or .ssh/authorized_keys file into the home
> directory of a 'place holder' account, that account suddenly allows the
> badguy onto the machine.  Because the placeholder accounts have home
> directories all over the filesystem, almost any innocent NFS
> misconfiguration may allow this to happen.

> I think, though, that the cost of changing these account's shells to
> /bin/false is not high at all.  In situations where the account is
> sometimes used for interactive logins or is accessed by su, it is
> reasonable to give that account a live shell, but this should only be
> done on an as needed basis.

Can't many of these accounts get by with no home directory?  Perhaps the
prototype passwd entry for these accounts should be something like

	dummy:*:999:999:::/bin/false

and the policy should say that even if the account needs a shell the home
directory field should be left empty if possible.
-- 
John Hasler
john@dhh.gt.org (John Hasler)
Dancing Horse Hill
Elmwood, WI


--  
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- shell of place-holder accounts (shouldn't be a valid shell)
  - From: cdulrich@ucdavis.edu (Chris Ulrich)

Prev by Date: Re: Archive Restructuring - Package Pool
Next by Date: Re: "goals" for slink: FHS
Previous by thread: shell of place-holder accounts (shouldn't be a valid shell)
Next by thread: Intent to package gstalker
Index(es):
- Date
- Thread