On Tue, 20 Aug 2002, Johannes Graumann wrote: > Hello, > > Tiger run for the first time last night on my newly installed DEBox. > Amongother messages I got the following statements: > # Checking accounts from /etc/passwd. > --WARN-- [acc001w] Login ID nobody is disabled, but still has a valid > shell (/bin/sh). > --WARN-- [acc006w] Login ID mail's home directory (/var/mail) has group > `mail' write access. > --WARN-- [acc006w] Login ID nobody's home directory (/home) has group > `staff' write access. > > I'm new to the business of system administration and not quite shure on > how to react to this. A 'chmod'-variety for the first and last? Also: what > is this 'nobody' user? Program/demon specific? Can I, should I get rid of > it? Nobody is necessary, AFAIK. I know that Apache as compiled from source with defaults runs as nobody. As far as its shell, you should be able to change it to /bin/false with no ill effects.
/var/mail needs to have group mail write access. /home can be changed, unless you want to permit normal users in the "staff" group to manage user home directories, instead of just root. > > Tiger also complained that > /sbin/bastille-firewall-reset > /sbin/bastille-firewall-schedule > /sbin/bastille-ipchains > /sbin/bastille-netfilter > are not supposed to be present - but after 'bastille' setup they are > supposed to be here. How do I teach this to tiger? I suppose it is doable > with those 'templates'? Have found no documentation on what that is/how > itworks/how to set it up and would greatly appreciate any hint concerning > this. sorry, i'm not a tiger user myself... > > Thank you, Johannes > > > -- Scotty: Captain, we din' can reference it! Kirk: Analysis, Mr. Spock? Spock: Captain, it doesn't appear in the symbol table. Kirk: Then it's of external origin? Spock: Affirmative. Kirk: Mr. Sulu, go to pass two. Sulu: Aye aye, sir, going to pass two.
