Prev: INDEX build failed for 6.x
Next: INDEX build failed for 6.x
From: David DEMELIER on 22 May 2010 03:32
2010/5/22 Garrett Cooper <yanefbsd(a)gmail.com>:
> On Fri, May 21, 2010 at 4:53 PM, RW <rwmaillists(a)googlemail.com> wrote:
>> On Fri, 21 May 2010 16:23:18 +0100
>> Florent Thoumie <flz(a)xbsd.org> wrote:
>>
>>> On Fri, May 21, 2010 at 11:11 AM, David DEMELIER
>>> <demelier.david(a)gmail.com> wrote:
>>> > Hi,
>>> >
>>> > I used pkgsrc for a while on NetBSD. I was used to the pkgsrc
>>> > notifications about the users and groups leaves, when some ports are
>>> > removed these leaves are not used anymore. e.g pulseaudio needs some
>>> > users on the system.
>>> >
>>>
>>> This was discussed in the following bug-report:
>>>
>>> http://www.freebsd.org/cgi/query-pr.cgi?pr=108514
>>>
>>> I think the proper solution is to create a +UGIDS file to be able to
>>> maintain a refcount, but the status quo isn't that bad.
>>
>> Personally I'd much prefer to keep them so ls -l, filemanagers etc can
>> continue to use names rather than numbers for any files left behind.
>>
>> IMO the status quo is better than any solution that involves automated
>> deletion.
>
> I agree by and large with RW, but it would be nice if there was an
> audit tool to do this check and suggest whether or not a group should
> be added or removed in general, regardless of whether or not a
> pkg/port was added or removed.
> Thanks,
> -Garrett

Yes, of course I would not have something that remove automatically
without prompting the user. I just wanted something like :

Warning : these users are no long used by the system, you can remove then safely

user1, user2 etc

Cheers.
_______________________________________________
freebsd-ports(a)freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscribe(a)freebsd.org"

From: RW on 22 May 2010 07:08
On Sat, 22 May 2010 03:29:38 -0400
jhell <jhell(a)dataix.net> wrote:


> Having unused logins on a system is bad!

Why?
_______________________________________________
freebsd-ports(a)freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscribe(a)freebsd.org"

From: jhell on 22 May 2010 07:58
On 05/22/2010 07:08, RW wrote:
> On Sat, 22 May 2010 03:29:38 -0400
> jhell <jhell(a)dataix.net> wrote:
>
>
>> Having unused logins on a system is bad!
>
> Why?

For one example:
This opens up a point of possible access to the system in which its
integrity could be jeopardized. What all the implications are of this is
out of scope for this thread.

But back on topic... The admin should be alerted to user/group deletions
from their system or should be advised that the user/group is going to
be left behind & will be unused.

Regards,

--

jhell
_______________________________________________
freebsd-ports(a)freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscribe(a)freebsd.org"

From: RW on 22 May 2010 08:42
On Sat, 22 May 2010 07:58:38 -0400
jhell <jhell(a)dataix.net> wrote:

> On 05/22/2010 07:08, RW wrote:
> > On Sat, 22 May 2010 03:29:38 -0400
> > jhell <jhell(a)dataix.net> wrote:
> >
> >
> >> Having unused logins on a system is bad!
> >
> > Why?
>
> For one example:
> This opens up a point of possible access to the system in which its
> integrity could be jeopardized. What all the implications are of this
> is out of scope for this thread.

These are unprivileged accounts without passwords - you need root
privileges to use them. Nothing is going to be running under them or
they wouldn't be candidates for removal in the first place.
_______________________________________________
freebsd-ports(a)freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscribe(a)freebsd.org"

From: jhell on 22 May 2010 11:42
On 05/22/2010 08:42, RW wrote:
> On Sat, 22 May 2010 07:58:38 -0400
> jhell <jhell(a)dataix.net> wrote:
>
>> On 05/22/2010 07:08, RW wrote:
>>> On Sat, 22 May 2010 03:29:38 -0400
>>> jhell <jhell(a)dataix.net> wrote:
>>>
>>>
>>>> Having unused logins on a system is bad!
>>>
>>> Why?
>>
>> For one example:
>> This opens up a point of possible access to the system in which its
>> integrity could be jeopardized. What all the implications are of this
>> is out of scope for this thread.
>
> These are unprivileged accounts without passwords - you need root
> privileges to use them. Nothing is going to be running under them or
> they wouldn't be candidates for removal in the first place.

Are we arguing the point that these should just be left or can we come
to a point like I stated in the previous email that you so gracefully
chopped out that stated: If they are to be left in the system a admin
should be notified or they should be automatically removed upon package
removal.

This is more of a best practices case than what the implications of
leaving users in the master.passwd are.

--

jhell
_______________________________________________
freebsd-ports(a)freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscribe(a)freebsd.org"

First  |  Prev  |  Next  |  Last
Pages: 1 2 3 4 5
Prev: INDEX build failed for 6.x
Next: INDEX build failed for 6.x