Joey Hess <[EMAIL PROTECTED]> writes: > sync: > > The shell of user sync is /bin/sync. Thus, if its password is set > to something easy to guess (such as ""), anyone can sync the system > at the console even if they have no account on the system. > > HELP: If that is the only purpose of user sync, then group sync > seems not very useful. The sync user could just as well be in > nogroup.
It's also a big security hole if you leave it without a password. Then you may login via an xdm session. > operator: > > Operator is historically (and practically) the only 'user' account > that can login remotely, and doesn't depend on NIS/NFS. When using dump/restore, dump sends a message via ttys to all members of the operator group when a tape needs to be rotated. > disk: > > Raw access to disks. Mostly equivilant to root access. > > HELP: Well, I have some disk devices in /dev/ owned by the group, > but I can't see the point. On another system, I noticed that some > of the files lilo puts in /boot/ are also owned by disk. I > can imagine local uses for such a group, like if you want to > give some users in the group direct access to some hard disk. > But these uses I've found on my systems seem to preclude > doing that easily; if I put a user in group disk here, they'd > have write access to the root filesystem. Very useful for backup (dump) programs. They can be ran with the disk and tape group without requiring root access. Phil.