I've been hesitant to throw additional fuel on an already robust fire,
but... Having been through the proverbial mill on this topic in a
previous life, allow me to pose a question:
- Can anybody cite a URL for any specification of predefined system
accounts ("games" or otherwise) beyond root that are declared to be part
of the Linux, Unix or POSIX system specification? Not the numeric uid
or gid, but the account names themselves?
Efforts years ago, when dealing with auditors in a situation not
dissimilar to Marcy's, to find a system specification were unfruitful.
I haven't devoted a huge amount of time to investigation this morning,
but still couldn't find a document.
I ask because when I had my turn in the barrel on this topic, the
question came down to one simple issue: Is this part of a formal system
specification, or a vendor / branding / packaging convention? If there
is a formal system specification, that's one thing. If it's convention,
that puts the question in an entirely different context -- at least as
far as my auditors were concerned.
Absent a formal system specification to appease the auditor, we deleted
the accounts in question. No fuss, no muss, no bother, and no bitter
after-taste.
The auditor is neither your friend nor your enemy -- and if they were
systems gurus like we are, they would be living in the lap of luxury
we've all become accustomed to instead of depending on their auditor
credentials to sustain them in a box underneath a bridge...
-dan.