Marcy Cortes wrote:
But Jack,

"Review and remove unnecessary accounts" "unix"
Google it.
I did.
With quotes in place, no hits.
Without quotes, a bit over half a million. One used the term without
defining it. Several say to remove unneeded _user_ accounts.


Anyone security / audit weenie who *doesn't* put that in the policy is probably 
in need of the beginner book or a new job.

One can argue all they want with the auditors about the philosophy and 
correctness of leaving them in, but in reality, the policy is still broken.   
And some of us need our jobs.

I would wish to understand what they think they are gaining. A scientist
 who just accepts conventional wisdom is likely to soon be a former
scientist. It's not about being difficult, but rather trying to do what
is correct, and where one is not better than the other, then making the
choice that makes less work.

Low-numbered (where "low" depends on implementation) UIDs and GIDs are
for system accounts and groups.




--

Cheers
John

-- spambait
[email protected]  [email protected]
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390

Reply via email to