Hi Arto,

Arto Jonsson wrote on Sun, Mar 23, 2014 at 08:09:02PM +0200:

> Or should this check removed completely?

Yes, and Gleydson Soares has Andrew's and my OK for removing
check_ftpusers() completely.

I don't think checking for "nobody" is needed.
Hopefully, "nobody" will have no password set up, anyway.

Yours,
  Ingo


> Index: security
> ===================================================================
> RCS file: /cvs/src/libexec/security/security,v
> retrieving revision 1.23
> diff -u -p -r1.23 security
> --- security  21 Mar 2013 09:37:37 -0000      1.23
> +++ security  23 Mar 2014 18:07:11 -0000
> @@ -287,11 +287,11 @@ sub check_ksh {
>       }
>  }
>  
> -# Root and uucp should both be in /etc/ftpusers.
> +# nobody should be in /etc/ftpusers.
>  sub check_ftpusers {
>       my $filename = '/etc/ftpusers';
>       nag !(open my $fh, '<', $filename), "open: $filename: $!" and return;
> -     my %banned = qw(root 1 uucp 1);
> +     my %banned = qw(nobody 1);
>       while (<$fh>) {
>               chomp;
>               delete $banned{$_};
> 

Reply via email to