[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: exploring debian's users and groups

Joey Hess <joeyh@debian.org> writes:

> sync:
> 	The shell of user sync is /bin/sync. Thus, if its password is set
> 	to something easy to guess (such as ""), anyone can sync the system 
> 	at the console even if they have no account on the system.
> 	HELP: If that is the only purpose of user sync, then group sync
> 	      seems not very useful. The sync user could just as well be in
> 	      nogroup.

It's also a big security hole if you leave it without a password. Then
you may login via an xdm session.

> operator:
> 	Operator is historically (and practically) the only 'user' account
> 	that can login remotely, and doesn't depend on NIS/NFS.

When using dump/restore, dump sends a message via ttys to all members
of the operator group when a tape needs to be rotated.

> disk:
> 	Raw access to disks. Mostly equivilant to root access.
> 	HELP: Well, I have some disk devices in /dev/ owned by the group,
> 	      but I can't see the point. On another system, I noticed that some
> 	      of the files lilo puts in /boot/ are also owned by disk. I
> 	      can imagine local uses for such a group, like if you want to
> 	      give some users in the group direct access to some hard disk.
> 	      But these uses I've found on my systems seem to preclude
> 	      doing that easily; if I put a user in group disk here, they'd
> 	      have write access to the root filesystem.

Very useful for backup (dump) programs. They can be ran with the disk
and tape group without requiring root access.


Reply to: