Hi Arto,
Arto Jonsson wrote on Sun, Mar 23, 2014 at 08:09:02PM +0200:
> Or should this check removed completely?
Yes, and Gleydson Soares has Andrew's and my OK for removing
check_ftpusers() completely.
I don't think checking for "nobody" is needed.
Hopefully, "nobody" will have no password set up, anyway.
Yours,
Ingo
> Index: security
> ===================================================================
> RCS file: /cvs/src/libexec/security/security,v
> retrieving revision 1.23
> diff -u -p -r1.23 security
> --- security 21 Mar 2013 09:37:37 -0000 1.23
> +++ security 23 Mar 2014 18:07:11 -0000
> @@ -287,11 +287,11 @@ sub check_ksh {
> }
> }
>
> -# Root and uucp should both be in /etc/ftpusers.
> +# nobody should be in /etc/ftpusers.
> sub check_ftpusers {
> my $filename = '/etc/ftpusers';
> nag !(open my $fh, '<', $filename), "open: $filename: $!" and return;
> - my %banned = qw(root 1 uucp 1);
> + my %banned = qw(nobody 1);
> while (<$fh>) {
> chomp;
> delete $banned{$_};
>
