Spake the keyboard of Marcy Cortes:
> I keep getting rid of this userid /etc/passwd, and something puts it back.
> SLES 10.
> How do I make it stop doing that?
> Also uucp and ftp.
>
> Bad bad bad.

The technical answer to this I think is that those IDs come in the
filesystem package; at least /usr/games does.  Unfortunately that gets
updated frequently, and /usr/games and the games ID thus crawl back
in every time.

The logical solution is for Audit to be reasonable.  That isn't a
promising avenue of approach.

The easy technical hack is to do a "userdel -r games" after
every update.

A more process-oriented solution is to update the security plan to say
these things will exist in because the vendor et cetera et cetera.

A nice solution would be if SLES didn't install these users.  I'm not
sure why they decided to create them and then lock them down but it's
defensible; whether it's right or not I don't think it's changing.

A perfect-world solution is to rewrite Linux package management so it
adds patches like Solaris does.  That way the package only gets
installed once (everything else is just a change to the package) and
the userids stay deleted.  Hey:  we have the source!  (It is admitted
that this may be perfect only for this particular problem.)

One could also do nothing and try to find another position before the
next audit...

Ted Rodriguez-Bell
Enterprise Virtualization - z/VM and z/Linux
[email protected], 415-243-6291


--
Company policy requires:  This message may contain confidential and/or 
privileged information.  If you are not the addressee or authorized to receive 
this for the addressee, you must not use, copy, disclose, or take any action 
based on this message or any information herein.  If you have received this 
message in error, please advise the sender immediately by reply e-mail and 
delete this message.  Thank you for your cooperation.

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390

Reply via email to