Re: Opinions on operator's home directory?

To: debian-devel@lists.debian.org, 198943@bugs.debian.org
Subject: Re: Opinions on operator's home directory?
From: Colin Watson <cjwatson@debian.org>
Date: Tue, 20 Jan 2004 01:29:22 +0000
Message-id: <[🔎] 20040120012922.GA29148@riva.ucam.org>
Mail-followup-to: debian-devel@lists.debian.org, 198943@bugs.debian.org
In-reply-to: <[🔎] 20040115163835.GI1478@alcor.net>
References: <[🔎] 20040115160156.GA1883@riva.ucam.org> <[🔎] 20040115163835.GI1478@alcor.net>

On Thu, Jan 15, 2004 at 08:38:35AM -0800, Matt Zimmerman wrote:
> On Thu, Jan 15, 2004 at 04:01:56PM +0000, Colin Watson wrote:
> > For reference, /usr/share/doc/base-passwd/users-and-groups.txt.gz says:
> > 
> > operator
> > 
> >     Operator is historically (and practically) the only "user" account
> >     that can login remotely, and doesn't depend on NIS/NFS.
> > 
> >     In BSD, the operator user can read and write to tapes and read from
> >     disks, so that operators can perform backups. For some reason Linux
> >     seems to have lost this.

Apparently, historically, operator existed only to run dumps, and was in
group root so that it could do so. operator in Debian has never been in
group root and I don't recall anyone ever complaining.

[quoting reordered slightly]

> > At the moment, I'm inclined simply to use /. I can arrange for existing
> > installations not to be changed, which would also mean that people can
> > safely change operator's home directory locally.
> 
> Using / makes it it problematic to actually use the account for anything
> (which, as noted above, doesn't seem to be a problem in Debian at the
> moment).

That I don't see; if it's only there to run dumps then it probably
doesn't need a writable home directory. Still, if it's useless ...

> Why not just remove it if so?  I don't think that any relevant
> standard requires us to have it.

> I wouldn't mind if operator went away entirely; as far as I know it has no
> privileges anyway.

On Thu, Jan 15, 2004 at 08:17:34PM +0100, Marco d'Itri wrote:
> On Jan 15, Colin Watson <cjwatson@debian.org> wrote:
> > Does anyone have any other opinions?
> 
> Who cares? In a SELinux world (in the modern linux world, actually)
> this user is pointless, because we have better ways to distribute
> privileges to users. I say to just kill it.

OK, I'm persuaded. This is a last call: if you object to the operator
user no longer being in /etc/passwd on fresh installs, shout now and
give your reasons. It will not be removed from existing systems.

The operator group will remain, since it appears to be hard-coded into
dump(8) for the -n option.

Cheers,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]

Reply to:

Follow-Ups:
- Re: Opinions on operator's home directory?
  - From: Matt Zimmerman <mdz@debian.org>
- Re: Opinions on operator's home directory?
  - From: Marco d'Itri <md@Linux.IT>
- Re: Opinions on operator's home directory?
  - From: Andrew Pimlott <andrew@pimlott.net>

References:
- Opinions on operator's home directory?
  - From: Colin Watson <cjwatson@debian.org>
- Re: Opinions on operator's home directory?
  - From: Matt Zimmerman <mdz@debian.org>

Prev by Date: Re: bad UDP packets sent to debian FTP mirrors
Next by Date: Re: Opinions on operator's home directory?
Previous by thread: Re: Opinions on operator's home directory?
Next by thread: Re: Opinions on operator's home directory?
Index(es):
- Date
- Thread