Alan Altmark wrote:
Marcy's question wasn't unreasonable and neither is the policy to remove
unnecessary account ...
But to implement the policy, *someone* has to be the
arbiter of "necessary", and I don't think it should be the system that's
being audited!
In the specific instance, most estimable Alan, your general guidance is
wrong.
Marcy was asking for help in deleting accounts she did not know the
purpose of,
/and/ the system /is/ the arbiter in that these system accounts own
system files
which are orphaned if the system accounts are deleted.
In a worst-case scenario (that's what security planning is about, right?)
1. ftp system files are orphaned by deleting the account
2. a user account re-using the uid number for the vanished ftp
account is accidentally created
3. Joe User gets control of FTP.
/That's/ the sort of "security" result you get from dutifully following
directives issued by ignorami
endowed with Papal Infallibility.
--
Jack J. Woehr # «'I know what "it" means well enough, when I find
http://www.well.com/~jax # a thing,' said the Duck: 'it's generally a frog or
http://www.softwoehr.com # a worm.'» - Lewis Carroll, _Alice in Wonderland_
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390