Jeff- Jeff Wrote: > > Is this just a "purity" thing from your point of view, or do you have a > firm reason for not wanting a home directory? > Nah, I just didn't see why a home directory was needed, and I'd thought the bug 3314 had to do with creating the directory twice. Based on results with the -M option (as described in my last post), clearly I was mistaken. I'm not often adding and modifying user accounts, so its probably just ignorance on my part. I fully agree with you regarding the security implications of giving a user a shell when it's unneccessary. There could be security implications to giving a user access to a directory on a filesystem shared with system binaries also (for more reading on this, see URLs http://www.hackinglinuxexposed.com/articles/20031111.html and http://www.hackinglinuxexposed.com/articles/20031214.html), which could be construed as an argument for "purity," although without a shell, I figure that argument is moot.
Jeff Wrote: > > On the useradd, what about the -s bit to get rid of the login shell? See my last post. The -s /sbin/nologin bit worked fine, I think. How do I reproduce the "slight" SELinux problems you alluded to? The .spec.build file portions posted on my next-to-last post are from the "stock" slimserver RPM as represented in the latest nightly build of the 6.3 (bug-fix) branch. If you want to see the whole .spec.build file (modified with your suggestions) and the perl script that processes it, just unpack the tarball (I attached to my last post) in an empty directory. -al -- Al Pacifico ------------------------------------------------------------------------ Al Pacifico's Profile: http://forums.slimdevices.com/member.php?userid=5640 View this thread: http://forums.slimdevices.com/showthread.php?t=23594 _______________________________________________ unix mailing list [email protected] http://lists.slimdevices.com/lists/listinfo/unix
