On Tuesday 03 November 2009 11:55, Jack Woehr wrote:
>Well, in any case, now Marcy is committed to:
It's actually a lot simpler than this, Jack.
> * removing the accounts
Run "userdel games && groupdel games".
> * validating that pam.conf disallows the reassignment of these accounts
How is PAM involved in this? PAM doesn't assign accounts, it is just an
authentication layer. There's nothing to do with PAM.
> * searching for and removing the files and directories, if any,
> owned by the accounts
> o alternatively, finding a safe owner for them
> o Oh, and we haven't even discussed /group/ memberships yet :)
The search is simple: find / \( -user 12 -o -group 40 \) -print
You'll just find /var/games on any reasonably set-up server.
> * /altering/ the install files for /each and every upgrade/ of her
> system so these accounts aren't recreated
Nope. Altering the /var/adm/fillup-templates/{passwd,shadow,group}.aaa_base
files once takes care of this. No need to alter any install packages. You'd
never want to do that anyway.
> * /validating the behavior /of any admin utilities she uses which
> /may /presume the account existence (e.g., said install files)
You might need to do this for the "ftp" account, but for "games"? I wouldn't
waste my time on that.
> * /deducing/ the connection between any surprising later incident
> and the removal of the accounts
This should certainly be considered, and if a look at the log files reveals
a "/var/games: No such file or directory" message from some daemon, I would
be very surprised.
- MacK.
-----
Edmund R. MacKenty
Software Architect
Rocket Software
275 Grove Street · Newton, MA 02466-2272 · USA
Tel: +1.617.614.4321
Email: [email protected]
Web: www.rocketsoftware.com
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
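
The checks discussed in this message, gathered into one post-removal audit as an added example (not part of the original post, and not SUSE tooling). The uid 12, gid 40 and the fillup-templates file names come from the message; the function names and arguments are hypothetical.

```shell
#!/bin/sh
# Added example: audit what is left behind after removing a system account.

# Print files under $1 owned by uid $2 or gid $3.
# The parentheses matter: without them -print binds only to the -group
# test, and files matched by -user alone are silently not listed.
owned_by() {
    find "$1" -xdev \( -user "$2" -o -group "$3" \) -print 2>/dev/null
}

# Print files under $1 whose uid or gid no longer maps to any account,
# which is how leftovers appear once userdel/groupdel have run.
orphans() {
    find "$1" -xdev \( -nouser -o -nogroup \) -print 2>/dev/null
}

# Print each fillup template in directory $1 that still defines
# account $2, i.e. a file that would recreate the account.
templates_with_account() {
    for kind in passwd shadow group; do
        f="$1/$kind.aaa_base"
        [ -r "$f" ] && grep -q "^$2:" "$f" && printf '%s\n' "$f"
    done
    return 0
}

# Combined report. Args: root uid gid name template_dir
# Returns 0 only when no owned/orphaned files and no template entries remain.
audit_removed_account() {
    left=$(owned_by "$1" "$2" "$3"; orphans "$1")
    tmpl=$(templates_with_account "$5" "$4")
    [ -n "$left" ] && printf 'still owned or orphaned:\n%s\n' "$left"
    [ -n "$tmpl" ] && printf 'templates defining %s:\n%s\n' "$4" "$tmpl"
    [ -z "$left" ] && [ -z "$tmpl" ]
}

# Typical call, run as root after sourcing this file:
#   audit_removed_account / 12 40 games /var/adm/fillup-templates
```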