Scott Rohling wrote:
Interesting -- then it isn't getting recreated from /etc/shadow or
something...

Maybe there is some option that keeps maintenance from doing this -- but
failing that, I'd consider this behavior a security issue.  If the
maintenance wants to complain (as it would on zVM for example if FTPSERVE
was missing) that it can't apply the maintenance or something is missing --
that's fine.   But actually creating accounts isn't...   That would
invalidate many security scans I know about at various customers...

So - not much help from me, other than if 'games' is a required system
account - I guess the joke's on us ;-)   Maybe someone else has insight on
ways to keep this from happening...

If you're not actually using /etc/passwd etc for authentication for
normal users, this probably wins:
chattr +i /etc/passwd



--

Cheers
John

-- spambait
[email protected]  [email protected]
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390

Reply via email to