Alan Altmark wrote:
Marcy's question wasn't unreasonable and neither is the policy to remove
unnecessary account ...
 But to implement the policy, *someone* has to be the
arbiter of "necessary", and I don't think it should be the system that's
being audited!
In the specific instance, most estimable Alan, your general guidance is wrong.

Marcy was asking for help in deleting accounts she did not know the purpose of, /and/ the system /is/ the arbiter in that these system accounts own system files
which are orphaned if the system accounts are deleted.

In a worst-case scenario (that's what security planning is about, right?)

  1. ftp system files are orphaned by deleting the account
  2. a user account re-using the uid number for the vanished ftp
     account is accidentally created
  3. Joe User gets control of FTP.

/That's/ the sort of "security" result you get from dutifully following directives issued by ignorami
endowed with Papal Infallibility.

--
Jack J. Woehr            # «'I know what "it" means well enough, when I find
http://www.well.com/~jax # a thing,' said the Duck: 'it's generally a frog or
http://www.softwoehr.com # a worm.'» - Lewis Carroll, _Alice in Wonderland_


----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390

Reply via email to