Scott Rohling wrote:
Interesting -- then it isn't getting recreated from /etc/shadow or
something...
Maybe there is some option that keeps maintenance from doing this -- but
failing that, I'd consider this behavior a security issue. If the
maintenance wants to complain (as it would on zVM for example if FTPSERVE
was missing) that it can't apply the maintenance or something is missing --
that's fine. But actually creating accounts isn't... That would
invalidate many security scans I know about at various customers...
So - not much help from me, other than if 'games' is a required system
account - I guess the joke's on us ;-) Maybe someone else has insight on
ways to keep this from happening...
If you're not actually using /etc/passwd etc for authentication for
normal users, this probably wins:
chattr +i /etc/passwd
--
Cheers
John
-- spambait
[email protected] [email protected]
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390