[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#3189: nvi over-cautious about .exrc?

Bruce Perens:
> We really do have to create a new user account as soon as the system is
> brought up, because until we do that we have no good destination for
> root and postmaster mail, and we _don't_ want that user to spend a lot
> of time logged in as root for obvious reasons. After dselect runs,

Yes, I know.  But if you know what you're doing...  Let's not try to be
more clever than the user is - it's not Win95 installation after all.

> there are a number of system accounts and one user account, and a user
> who is concerned with this can edit /etc/passwd and /etc/group and
> change the group of that one account without much trouble at all.

Not much trouble if it is just one machine.  Some time ago I had to
install 10 machines as X workstations which don't need to handle mail
at all, and need no user accounts (NIS).  I had to answer all these
questions about user names and passwords only to delete these accounts
later.  I don't want to do unnecessary work, lazy me :-).  FYI, when
I installed SCO OpenServer 5, it asked me for root password (Debian
does it too, good), but didn't require that I create a new user account

How about a compromise:

 It is highly recommended to create a new user account now.  It will be
 used as the destination for root and postmaster mail, and it is generally
 a good idea to avoid using the root account unless absolutely necessary.
 Unless you know what you're doing, please answer "y" to the following

 Do you want to create a new user account now? [y]

> As a policy, I would prefer to make the most general case work very
> well, and make the more esoteric cases do-able with some amount of user
> effort. I think that's where we are now - all users are set up with a
> useful group that they can use to provide access to their own files to

Hmm.  I can't chgrp my own files to any group I am not a member of (it
results in the "Operation not permitted" error).  I guess we need to
wait for Access Control Lists (expected in Linux 2.1.x - I saw a posting
from Remy Card saying that he is working on it) to be able to do that...


Reply to: