Spake the keyboard of Marcy Cortes: > I keep getting rid of this userid /etc/passwd, and something puts it back. > SLES 10. > How do I make it stop doing that? > Also uucp and ftp. > > Bad bad bad.
The technical answer to this I think is that those IDs come in the filesystem package; at least /usr/games does. Unfortunately that gets updated frequently, and /usr/games and the games ID thus crawl back in every time. The logical solution is for Audit to be reasonable. That isn't a promising avenue of approach. The easy technical hack is to do a "userdel -r games" after every update. A more process-oriented solution is to update the security plan to say these things will exist in because the vendor et cetera et cetera. A nice solution would be if SLES didn't install these users. I'm not sure why they decided to create them and then lock them down but it's defensible; whether it's right or not I don't think it's changing. A perfect-world solution is to rewrite Linux package management so it adds patches like Solaris does. That way the package only gets installed once (everything else is just a change to the package) and the userids stay deleted. Hey: we have the source! (It is admitted that this may be perfect only for this particular problem.) One could also do nothing and try to find another position before the next audit... Ted Rodriguez-Bell Enterprise Virtualization - z/VM and z/Linux [email protected], 415-243-6291 -- Company policy requires: This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
