Joerg Schilling wrote:
> Brian Cameron <Brian.Cameron at sun.com> wrote:
> 
>>>>> nobody:x:60001:60001:NFS Anonymous Access User:/:
>>>>> noaccess:x:60002:60002:No Access User:/:
>>>>> nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
>>>> Since these users do not have valid shells specified, these would not
>>>> be shown.
>>> A blank entry in the shell field indicates the system default shell should
>>> be used - on Solaris & OpenSolaris, that's "/bin/sh", which is a valid
>>> shell. If you're skipping those because they're blank do you also skip
>>> non-system accounts using that shorthand?
>> Correct.  The way the code works is that it calls fgetpwent() and if
>> /etc/passwd contains no value, then that account does not show up in the
>> Face Browser.  So, users would need to avoid using the shorthand if they
>> want the user to show up in the GDM Face Browser.
> 

> Giving any kind of information about known user names has been considered
> a security risk for approx. 35 years on UNIX.
> 

Hum. User names are not really secrets either. And other desktop OSs 
have had browsable user lists on their login screens by default and that 
isn't generally considered a breach of security.

But in environments where knowledge of user names is a security issue, 
you either shouldn't offer a graphical login (remote graphical login is 
off by default) or make sure this feature is switched off.

> Is this "show ID feature" an optional feature, or is it enabled by default?
> 

BTW: Usually this doesn't show IDs (i.e. user names in the UNIX sense), 
but human-readable names, probably taken from the 'gecos' fields, if 
available.

It is optional. Upstream has it enabled by default.

- Jörg

-- 
Joerg Barfurth
Software Engineer        mailto:joerg.barfurth at sun.com
Desktop Technology
Thin Client Software     http://www.sun.com/software/sunray/
Sun Microsystems GmbH    http://www.sun.com/software/javadesktopsystem/
