Your message dated Fri, 01 Nov 2013 11:49:39 -0400
with message-id <[email protected]>
and subject line libuuid1: creates an account with a valid shell
has caused the Debian Bug report #588367,
regarding libuuid1: creates an account with a valid shell
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
588367: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=588367
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libuuid1
Version: 2.17.2-3.1
Severity: normal
I don't entirely understand why this shared library needs to create a
system account, but when the postinst does so, it creates an account
with a valid shell. There shouldn't be any need for this, and it is
not considered a best practice for system accounts to have valid login
shells. (I noticed this when an auditor asked me why the account had
a valid shell on our systems.)
Please change the postinst script for libuuid1 to create a user with a
shell of /usr/sbin/nologin or /bin/false or something similar.
Thanks!
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686-bigmem (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libuuid1 depends on:
ii libc6 2.11.2-2 Embedded GNU C Library: Shared lib
ii passwd 1:4.1.4.2-1 change and administer password and
Versions of packages libuuid1 recommends:
pn uuid-runtime <none> (no description available)
libuuid1 suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The account is locked so it is safe and all of the other system
accounts have a valid shell too, so I'm closing this.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJSc82TAAoJEJrBOlT6nu75SwIIAIs0b8N0Z77+n4cvj1PcGZMs
r2uzp+TeS+GlaEyqCxUAbunjr79d6snQ23hSlXWS+2SmXo4m4sTTBdtOtb/YAyby
L92JBg2Nd3+cVh7ai8c1xsHtzlv4Sag1cth1LQ80uHONcFJzt/lXTOznft8uxte3
I7c1s4jhuq7UxMPwm3sI8Kx7LAmlB2nMpqlMW0LeQFsT8umr7DT0TVM7cGFOb766
UWYlVGKgft27J8r6pTeBgY7v0QWJdjeuebc9cGqQCJGGyQaMysMuqTEii1axIJPr
nAepvOf2gQI95uN4ESjkRqDMjV1K/k8XRgJNPtDStedzjkfhbe7pzzYfb/UydNE=
=tsYZ
-----END PGP SIGNATURE-----
--- End Message ---
