When did Marcy indicate she didn't know the purpose of these accounts?

I think we all get (how could we not by now) that you think it's a bad idea
to remove 'system' ids.   That's a valid approach -- but it's not helpful to
Marcy - who obviously disagrees (as do I).

I'm glad you wouldn't be disturbed by user/accounts that you, the sysprog,
deleted and finding them magically restored.   I am, Marcy is - and you are
not helping.

Scott

On Tue, Nov 3, 2009 at 9:35 AM, Jack Woehr <[email protected]> wrote:

> Alan Altmark wrote:
>
>> Marcy's question wasn't unreasonable and neither is the policy to remove
>> unnecessary account ...
>>  But to implement the policy, *someone* has to be the
>> arbiter of "necessary", and I don't think it should be the system that's
>> being audited!
>>
> In the specific instance, most estimable Alan, your general guidance is
> wrong.
>
> Marcy was asking for help in deleting accounts she did not know the purpose
> of,
> /and/ the system /is/ the arbiter in that these system accounts own system
> files
> which are orphaned if the system accounts are deleted.
>
> In a worst-case scenario (that's what security planning is about, right?)
>
>  1. ftp system files are orphaned by deleting the account
>  2. a user account re-using the uid number for the vanished ftp
>     account is accidentally created
>  3. Joe User gets control of FTP.
>
> /That's/ the sort of "security" result you get from dutifully following
> directives issued by ignorami
> endowed with Papal Infallibility.
>
>
> --
> Jack J. Woehr            # «'I know what "it" means well enough, when I
> find
> http://www.well.com/~jax <http://www.well.com/%7Ejax> # a thing,' said the
> Duck: 'it's generally a frog or
> http://www.softwoehr.com # a worm.'» - Lewis Carroll, _Alice in
> Wonderland_
>
>
> ----------------------------------------------------------------------
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO LINUX-390 or
> visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
>

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390

Reply via email to