* Michael Stone said: > > This change won't affect performance, nor weaken security as you imply > > below. > > Adding a toor account does add a new security issue, which I said > straight out rather than leaving it to implication. (Whether it's a big > one depends on other factors, but it's not without impact.) The toor > account was one of the policy options you suggested. Oh, yes, but I enumbered it just for the record - while it is a solution that works, I don't like it very much for the reason you mentioned. > > Well, take a look at the 2) above. It doesn't add any user, it merely > > changes one startup script and adds one package to the set of base ones. > > Adding a new package to base isn't something that should be done > lightly. And making sash the default single-user shell changes the > behavior of single-user mode unexpectedly (people do use single for > things besides disaster recovery, and this kind of change would not go > unnoticed.) And if you can boot far enough to get into single, sash > isn't likely to help you that much--init needs shared libs, as does > sulogin--so what has it bought you? Well, true, init is also linked dynamically and if it doesn't work, then I'm cooked anyway. But the problem I had was that init worked, dynamic library loading also worked, but bash - the default shell of everyone on the machine including root - didn't work! If I had sash as a single mode shell BY DEFAULT then I would simply boot into single mode, and did all the fixing needed to boot normally. But, since I didn't have sash installed at all (fact is, I didn't even know about it - my fault...) I had to go to another machine copy the appropriately linked bash to a diskette, boot from the rescue disk and install the new bash just to be able to get shell prompt in SINGLE mode. That preparation took me 15 minutes, then what I had to do in single mode took another 15 minutes. For half an hour a production system was off-line, while it could've been 15 minutes at most. The accident I'm describing is a marginal one, of course, but nevertheless it happened - and that's a reason for me to be concerned about something like this happening in the future. That was also the reason why I wrote my original message. greetings, marek
Attachment:
pgpa3MWyPb2og.pgp
Description: PGP signature