
Re: Base-passwd issues



Galen Hazelwood writes:
> Okay, it's obvious that my new base-passwd release has gone over like a
> lead balloon.  Oddly enough, nobody complained when I floated my ideas
> on debian-devel a long time ago, and when I released it to experimental,
> all I got was compliments (and a few reasonably easy bug reports).  Then
> I put it in unstable, and WHAM!

:-)

> Giuliano P Procida wrote:
> > 1. The stupidity is in the lack of prompting. Renaming, numbering or
> >    deleting users and groups must be done with the sysadmin's consent.
> >    Prompting for confirmation should be on by default.
> 
> The uids between 0 and 99 are sacred, and allocated globally on all
> Debian systems.  Since no program can tell the difference between your
> changes and obsolete stuff which needs changing, I'll add prompting to
> update-passwd, but that (in my mind) destroys the whole point of the
> package: perfectly transparent and automatic upgrades.  Any newbies who
> actually run update-passwd will get scared by the prompting and start
> saying "no", and their passwd and group files will never get upgraded. 
> :(

I agree that we should have fewer prompts. However, this one might be a good
idea. But anyway, you shouldn't change 0-99 by hand! But base-passwd should
be able to handle automatic adjustments like lshell changing the shells. But
then I wonder if it would be better to not change the shells for user 0-99
in lshell's postinst.

> > 3. Why no ftp or dos groups? What group would you put in their place?
> 
> I asked people about adding an ftp group to the master passwd file, but
> was told that the mere _existence_ of an ftp user (on a system which
> doesn't want to do anonymous ftp) constitutes a security hole.  Is this
> true?  If not, I'll go ahead and put it in as UID 11.

Yes, it is. Please keep user ftp out of it.

Michael

-- 
Dr. Michael Meskes, Project-Manager    | topsystem Systemhaus GmbH
meskes@topsystem.de                    | Europark A2, Adenauerstr. 20
meskes@debian.org                      | 52146 Wuerselen
Go SF49ers! Go Rhein Fire!             | Tel: (+49) 2405/4670-44
Use Debian GNU/Linux!                  | Fax: (+49) 2405/4670-10
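
An added example, not part of the original message or of base-passwd's code: one way to report differences in the reserved UID range (0-99) discussed above, including an unexpected ftp account, for the admin to confirm instead of rewriting them automatically. The master list, the local file and the `/bin/lshell` path are constructed sample data, and `parse_passwd` and `audit` are hypothetical names.

```python
# Added example: report drift in the reserved UID range (0-99) without
# changing anything. MASTER and LOCAL are constructed sample data.
RESERVED = range(0, 100)
FIELDS = ("name", "passwd", "uid", "gid", "gecos", "home", "shell")

MASTER = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
"""

LOCAL = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/lshell
binary:x:2:2:bin:/bin:/bin/sh
ftp:x:11:11:ftp:/home/ftp:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

def parse_passwd(text):
    """Return {uid: entry} for well-formed passwd(5) lines with uid 0-99."""
    entries = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) != 7 or not parts[2].isdigit():
            continue  # skip blanks, comments and malformed lines
        entry = dict(zip(FIELDS, parts))
        uid = int(entry["uid"])
        if uid in RESERVED:
            entries.setdefault(uid, entry)  # keep the first entry per uid
    return entries

def audit(master_text, local_text):
    """List (uid, kind, detail) findings for the admin to review."""
    master, local = parse_passwd(master_text), parse_passwd(local_text)
    findings = []
    for uid in sorted(set(master) | set(local)):
        m, l = master.get(uid), local.get(uid)
        if m is None:
            findings.append((uid, "extra", l["name"]))    # e.g. an ftp user
        elif l is None:
            findings.append((uid, "missing", m["name"]))
        else:
            for field in ("name", "gid", "home", "shell"):
                if m[field] != l[field]:
                    findings.append((uid, field, f"{m[field]} -> {l[field]}"))
    return findings
```

Calling `audit(MASTER, LOCAL)` returns one finding per difference; accounts outside 0-99 are ignored.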

