When did Marcy indicate she didn't know the purpose of these accounts? I think we all get (how could we not by now) that you think it's a bad idea to remove 'system' ids. That's a valid approach -- but it's not helpful to Marcy - who obviously disagrees (as do I).

I'm glad you wouldn't be disturbed by user/accounts that you, the sysprog, deleted and finding them magically restored. I am, Marcy is - and you are not helping.

Scott

On Tue, Nov 3, 2009 at 9:35 AM, Jack Woehr <[email protected]> wrote:

> Alan Altmark wrote:
>
>> Marcy's question wasn't unreasonable and neither is the policy to remove
>> unnecessary account ...
>> But to implement the policy, *someone* has to be the
>> arbiter of "necessary", and I don't think it should be the system that's
>> being audited!
>>
> In the specific instance, most estimable Alan, your general guidance is
> wrong.
>
> Marcy was asking for help in deleting accounts she did not know the purpose
> of, /and/ the system /is/ the arbiter in that these system accounts own
> system files which are orphaned if the system accounts are deleted.
>
> In a worst-case scenario (that's what security planning is about, right?)
>
>   1. ftp system files are orphaned by deleting the account
>   2. a user account re-using the uid number for the vanished ftp
>      account is accidentally created
>   3. Joe User gets control of FTP.
>
> /That's/ the sort of "security" result you get from dutifully following
> directives issued by ignorami endowed with Papal Infallibility.
>
> --
> Jack J. Woehr            # «'I know what "it" means well enough, when I find
> http://www.well.com/~jax # a thing,' said the Duck: 'it's generally a frog or
> http://www.softwoehr.com # a worm.'» - Lewis Carroll, _Alice in Wonderland_
>
> ----------------------------------------------------------------------
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO LINUX-390 or
> visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
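
The worst-case sequence quoted above (files orphaned by deleting an account, then a new account reusing the vanished uid) can be checked for before an account is removed or a uid is assigned. The following Python is an added example, not part of any message in this thread; the function names, the constructed passwd lines and the temporary file tree are assumptions for illustration.

```python
import os
import tempfile

def parse_passwd(text):
    """Return {uid: name} from passwd(5)-format text."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            accounts.setdefault(int(fields[2]), fields[0])
    return accounts

def owned_entries(root):
    """Yield (uid, path) for everything under root; symlinks are not followed."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                yield os.lstat(path).st_uid, path
            except OSError:
                continue  # entry vanished or is unreadable; skip it

def orphaned(root, passwd_text):
    """Map uid -> sorted paths whose owning uid has no passwd entry."""
    known = parse_passwd(passwd_text)
    found = {}
    for uid, path in owned_entries(root):
        if uid not in known:
            found.setdefault(uid, []).append(path)
    return {uid: sorted(paths) for uid, paths in found.items()}

def uid_free(uid, root, passwd_text):
    """True only if no account and no file under root already uses uid."""
    if uid in parse_passwd(passwd_text):
        return False
    return all(owner != uid for owner, _ in owned_entries(root))

def demo():
    """Constructed scenario: the account owning a tree is removed from passwd."""
    with tempfile.TemporaryDirectory() as root:
        path = os.path.join(root, "ftpd.conf")
        open(path, "w").close()
        owner = os.lstat(path).st_uid           # stands in for the ftp uid
        before = f"ftp:x:{owner}:50::/var/ftp:/sbin/nologin\n"
        after = f"other:x:{owner + 1}:100::/home/other:/bin/sh\n"  # ftp deleted
        return (orphaned(root, before), set(orphaned(root, after)) == {owner},
                uid_free(owner, root, after), uid_free(owner + 2, root, after))

if __name__ == "__main__":
    print(demo())
```

On a real system the same check would be run against the contents of `/etc/passwd` and the filesystems of interest; a uid that still owns files is reported as not free even though no account holds it.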
