
Re: exploring debian's users and groups



Joey Hess <joeyh@debian.org> writes:

> sync:
> 
> 	The shell of user sync is /bin/sync. Thus, if its password is set
> 	to something easy to guess (such as ""), anyone can sync the system 
> 	at the console even if they have no account on the system.
> 	
> 	HELP: If that is the only purpose of user sync, then group sync
> 	      seems not very useful. The sync user could just as well be in
> 	      nogroup.

It's also a big security hole if you leave it without a password. Then
you may log in via an xdm session.

> operator:
> 
> 	Operator is historically (and practically) the only 'user' account
> 	that can log in remotely, and doesn't depend on NIS/NFS.

When using dump/restore, dump sends a message via ttys to all members
of the operator group when a tape needs to be rotated.

> disk:
> 
> 	Raw access to disks. Mostly equivalent to root access.
> 
> 	HELP: Well, I have some disk devices in /dev/ owned by the group,
> 	      but I can't see the point. On another system, I noticed that some
> 	      of the files lilo puts in /boot/ are also owned by disk. I
> 	      can imagine local uses for such a group, like if you want to
> 	      give some users in the group direct access to some hard disk.
> 	      But these uses I've found on my systems seem to preclude
> 	      doing that easily; if I put a user in group disk here, they'd
> 	      have write access to the root filesystem.

Very useful for backup (dump) programs. They can be run with the disk
and tape group without requiring root access.

Phil.
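
An audit of the two risks raised in this thread (an account such as sync left with an empty password, and users who end up in group disk), as an added example that is not part of the original messages. The function names and the sample passwd, shadow and group contents are constructed for illustration; on a real system pass /etc/shadow, /etc/passwd and /etc/group instead (reading shadow needs root).

```shell
#!/bin/sh
# Added example, not from the thread. Sample data below is constructed.

# Accounts whose shadow password field is empty, i.e. login needs no password.
# "*" and "!" are locked accounts and are deliberately not reported.
empty_password_accounts() {   # usage: empty_password_accounts SHADOW_FILE
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Every user in a group: supplementary members listed in the group file plus
# users whose primary GID in the passwd file equals the group's GID.
group_members() {   # usage: group_members GROUP_FILE PASSWD_FILE NAME
    gid=$(awk -F: -v g="$3" '$1 == g { print $3 }' "$1")
    [ -n "$gid" ] || return 0          # unknown group: report nothing
    {
        awk -F: -v g="$3" '$1 == g && $4 != "" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) print m[i]
        }' "$1"
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$2"
    } | sort -u
}

# Constructed sample files so the script runs offline.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/shadow" <<'EOF'
root:$6$constructed$hash:19000:0:99999:7:::
sync::19000:0:99999:7:::
operator:*:19000:0:99999:7:::
backup:!:19000:0:99999:7:::
EOF
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
sync:x:4:65534:sync:/bin:/bin/sync
backup:x:34:6:backup:/var/backups:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
cat > "$SAMPLE_DIR/group" <<'EOF'
disk:x:6:alice
tape:x:26:backup
operator:x:37:
EOF

echo "Empty password: $(empty_password_accounts "$SAMPLE_DIR/shadow")"
echo "In group disk:  $(group_members "$SAMPLE_DIR/group" "$SAMPLE_DIR/passwd" disk | tr '\n' ' ')"
```

Checking primary GIDs as well as the member list matters here: in the sample data, backup never appears on the disk line of the group file but still has disk-group access through its primary group.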


