Leslie Turriff wrote:
> On Tuesday 03 November 2009 19:42:12 John Summerfield wrote:
>> I think removal of accounts, as opposed to disabling them, is not
>> something to undertake lightly. It might be that data there could be
>> required for legal purposes - recently in a public company in Australia
>> was reported to have embezzled a few million dollars. Enough that, when
>> the money was found, the company's share price doubled. Probably, the
>> user's files reflected her activities. Illegal activities aside, there
>> may be notes, saved emails and the like stored there and nowhere else
>> that may reflect agreements made and which someone else might need to
>> know about after they've left.
>
> All of your comments are correct, and all of the installations where I have
> worked have checklists and procedures for handling the removal of such
> accounts, which include the identification and either removal or reassignment
> of related files before the account is removed; but these do not cover the
> case of an unidentified account which is owned by no identifiable entity and
> has no apparent use except to provide a possible weakness in the system's

The accounts in question and their purposes have been identified.

> security merely by existing. (One may believe that since it is a "nologin"
> account, etc., that there is no chance that in the future some hacker might
> find a way to exploit its existence, but history has shown that such beliefs
> are not safe ones.) The policy of most enterprises that unused accounts

If someone can change a nologin account to a login account, you're
already screwed. And, that someone can also create new accounts.

> should not exist on the system unless they can be justified as serving a
> business purpose is valid for accounts such as games as well as for accounts
> defined by the system administrators.
> If the only purpose for the games account is to collect high-score numbers
> for accounts where games are used, it has no purpose on a business server,
> and it should not be included in such a distribution. It is hard for me to
> believe that an account with such a minimal purpose cannot be excluded
> without causing a cascade of problems in the rest of the system, and it seems
> to me that the distributors of SLES and RHEL should have excluded them long
> ago.

I think that the suggestion of seeking assurance from the vendor that
the removal of these accounts poses no problem is sound. I would also
recommend asking the vendor that no unnecessary system accounts be
created. Any local action is but a crudish hack, and the problem will
recur, either immediately as Marcy found out, or later when installing
from vendor media, and nor will these hacks solve the matter for other
users.
I also think it sound to bring these accounts to the auditors' attention
(since in this case they seem not to have noticed yet) and discussing
with them what should be done, what the alternatives and risks are.
It seems to me most here have a problem with the name. Here are some
other names I have on my RHEL-clone:
news
operator
gopher
rpm
gdm
sabayon
tomcat
shutdown
halt
Those last two actually have a login shell that doesn't immediately log
you off, instead halt would shut down the system. Some of the others
also have a working login shell.
If the games account represents a security problem, then so do those.
--
Cheers
John
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
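
Added example, not part of the original message or thread: a small audit of the point raised above that some system accounts (such as halt and shutdown) have a login shell that is not nologin. It classifies system accounts by shell and password state from passwd(5) and shadow(5) text. The UID cutoff of 499, the shell lists, the rating labels and all sample entries are assumptions constructed for illustration.

```python
# Assumption: UIDs 1-499 are system accounts (older RHEL-style default); adjust per distro.
SYSTEM_UID_MAX = 499
NON_LOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}
INTERACTIVE_SHELLS = {"", "/bin/sh", "/bin/bash", "/bin/ksh", "/bin/csh", "/bin/tcsh"}
# Constructed sample data in passwd(5) / shadow(5) format, not from a real host.
SAMPLE_PASSWD = """\
games:x:12:100:games:/usr/games:/sbin/nologin
halt:x:7:0:halt:/sbin:/sbin/halt
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
news:x:9:13:news:/etc/news:
tomcat:x:91:91:Tomcat:/usr/share/tomcat5:/bin/sh
alice:x:500:500:Alice:/home/alice:/bin/bash
"""
SAMPLE_SHADOW = """\
games:*:14550:0:99999:7:::
halt:*:14550:0:99999:7:::
shutdown::14550:0:99999:7:::
tomcat:!!:14550:0:99999:7:::
"""

def shell_class(shell):
    if shell in NON_LOGIN_SHELLS:
        return "nologin"
    # An empty shell field defaults to /bin/sh, so it counts as interactive.
    return "interactive" if shell in INTERACTIVE_SHELLS else "command"

def password_state(field):
    if field is None:
        return "no-shadow-entry"
    if field == "":
        return "empty"          # no password required
    return "locked" if field[0] in "!*" else "set"

def audit(passwd_text, shadow_text):
    """Return (name, shell class, password state, rating) for system accounts that can log in."""
    shadow = dict(l.split(":")[:2] for l in shadow_text.splitlines() if l.count(":") >= 1)
    findings = []
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) != 7 or not f[2].isdigit() or not 0 < int(f[2]) <= SYSTEM_UID_MAX:
            continue            # skip malformed lines, root and ordinary users
        sc, ps = shell_class(f[6]), password_state(shadow.get(f[0]))
        if sc != "nologin":
            findings.append((f[0], sc, ps, "review" if ps == "locked" else "high"))
    return findings

if __name__ == "__main__":
    for row in audit(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print("%-10s shell=%-12s password=%-16s %s" % row)
```

A "locked" rating still calls for review, since a locked password field does not by itself block other ways of becoming that account.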