Charles Steinkuehler wrote:
>
> > As always, this is truly superb stuff! Bravo, Charles !!!
> >
> > Couple questions, even though these items appeared in RC5:
> >
> > [1] What is the purpose of the ``leaf'' user?
>
> It was in Jacques' example passwd file...I added it mainly as a 'stub' entry
> for pointing to if someone wanted to add/create a new user account. It
> should not be used in most instances (having actual user accounts on your
> firewall isn't necessarily all that useful or prudent), so I changed the
> /etc/shadow entry for this user to dis-allow logins by default.
>
> > [2] Should /home/leaf exist -- provided that we agree that such a user
> > ought to exist?
>
> Probably, but let's see if I can rationalize my way out of an
> oversight...Hmm...making a directory isn't that hard, and other than a
> .profile entry, which isn't really necessary, it's just a place-holder
> taking up space in /root...if we add a .profile entry, it takes up even more
> space...but perhaps the best excuse..er reason it's not there, is you
> shouldn't really create user accounts in the first place, and I did really
> intend the leaf user to be either a stub entry you'd modify, or a default
> entry for any non-root owned files you might want to put in a package (so
> they don't come up as user 100 on ls -l listings).

As I studied these /etc/passwd inclusions, trying to decide their ultimate
fate, it occurred to me that if I made root unable to login and put leaf into a
high numbered GID, subscribed to nothing, and an isolated home directory, then
the only way to gain login access would be through this account and then su to
root . . .

Obviously, I, too, am not persuaded -- what are the merits and dangers of such
logic?

Perhaps, as you say, this is only an example to be followed by those
adventurous enough to really want user accounts -- ought this passwd entry
rather be:

# leaf:x:100:1000:Default User:/home/leaf:/bin/sh

--

Best Regards,

mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much
we think we know. The more I know, the more I know I don't know . . .

_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-devel
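
Added example, not part of the original thread: a POSIX shell/awk check of which accounts in passwd- and shadow-format files can log in with a password, the property both messages above turn on. The function names and sample entries are constructed; it assumes shadow passwords (`x` in passwd) and the convention that a shadow hash starting with `!` or `*` matches no password.

```shell
#!/bin/sh
# Added example; function names and sample entries are constructed.
# Assumes shadow passwords: "x" in passwd, hash in the shadow file.

# login_audit PASSWD_FILE SHADOW_FILE -> "name uid status" per active entry
login_audit() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }  # commented-out entries are inactive
        src == "shadow" { hash[$1] = $2; known[$1] = 1; next }
        NF < 7 { next }                     # not a complete passwd entry
        {
            if (!($1 in known))               st = "no-shadow-entry"
            else if (hash[$1] == "")          st = "EMPTY-PASSWORD"
            else if (hash[$1] ~ /^[!*]/)      st = "locked"   # matches no password
            else if ($7 ~ /(nologin|false)$/) st = "no-shell"
            else                              st = "password-login"
            if ($3 == 0 && $1 != "root")      st = st ",EXTRA-UID0"
            print $1, $3, st
        }
    ' src=shadow "$2" src=passwd "$1"
}

# Constructed sample: root keeps a password, leaf is locked in shadow,
# and a commented-out stub entry is ignored.
sample_run() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
leaf:x:100:1000:Default User:/home/leaf:/bin/sh
# spare:x:101:1000:Stub entry:/home/spare:/bin/sh
EOF
    cat > "$dir/shadow" <<'EOF'
root:$1$constructed$notARealHash:11000:0:99999:7:::
leaf:*:11000:0:99999:7:::
EOF
    login_audit "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}

sample_run
# root 0 password-login
# leaf 100 locked
```

On a live system, run `login_audit /etc/passwd /etc/shadow` as root. A `locked` root entry also blocks password-based `su` to root, because `su` checks the target account's password.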