On Monday 02 November 2009 22:00, Marcy Cortes wrote:
>It's not SuSEconfig. I tried that.
>It must be maintenance to some particular package.
>Right now, we just clean up. But it would be way better to not have to do
> that.

Mark nailed it: the aaa_base RPM is adding the "games" user in its
post-install script. The definition of the games account is in three files:

        /var/adm/fillup-templates/group.aaa_base
        /var/adm/fillup-templates/passwd.aaa_base
        /var/adm/fillup-templates/shadow.aaa_base

which are also in the aaa_base package. They define all the system accounts:

        root, bin, daemon, lp, mail, news, uucp, games, man, wwwrun, ftp, nobody

The aaa_base package is always going to be installed when upgrading the
system, so you'll always get those user accounts back. At least on SLES, and
I think RHEL does something similar.

The fix is to remove the lines for user "games" from those files. The next
time you update aaa_base, it should install the files from the package into
*.rpmnew files instead of overwriting your changes. You will lose any other
changes to those files being applied automatically; you'll have to check them
to see if there are any new system accounts, but that would be rare.

As for the debate about if removing the "games" user is A Good Thing To Do or
not: I think it's OK. I can see why it scares the auditors, so removing it
removes a headache for you. I don't think the UID/GID can be re-used, as your
vendor controls their assignments for system accounts and useradd(8) will not
assign UID/GID values below 500 unless you explicitly ask for it with the -r
option, which you're not going to ever use, right? So even if there are files
owned by UID 12 after you delete "games", no one else will get to own them.

Besides, you're running a security scanner that checks for files with UIDs
that are not in /etc/passwd and notifies you, right? So even if you do
install some package that has a file owned by "games", you'll know about it
soon enough.

        - MacK.
-----
Edmund R. MacKenty
Software Architect
Rocket Software
275 Grove Street · Newton, MA 02466-2272 · USA
Tel: +1.617.614.4321
Email: m...@rs.com
Web: www.rocketsoftware.com
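
Added example, not part of the original message: a small Python check for the two things the reply relies on, namely which accounts a fillup template still defines that /etc/passwd no longer has, and which files are owned by a UID with no passwd entry. The function names and the sample passwd lines are constructed for illustration; only the "games" account and UID 12 come from the message.

```python
import os, sys

# Constructed sample data (not from a real system); "games" with UID 12 as in the message.
SAMPLE_TEMPLATE = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/bash
games:x:12:100:Games account:/var/games:/bin/bash
"""
SAMPLE_PASSWD = "root:x:0:0:root:/root:/bin/bash\nbin:x:1:1:bin:/bin:/bin/bash\n"

def parse_passwd(text):
    """Map account name -> UID for passwd-format text; skip blank, comment and NIS (+/-) lines."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 3 or fields[0][:1] in ("", "#", "+", "-"):
            continue
        if fields[2].isdigit():
            accounts[fields[0]] = int(fields[2])
    return accounts

def template_only_accounts(template_text, passwd_text):
    """Accounts the template defines that the live passwd lacks."""
    live = parse_passwd(passwd_text)
    return sorted(name for name in parse_passwd(template_text) if name not in live)

def orphaned_files(root, passwd_text):
    """(uid, path) for root and everything under it whose owner UID has no passwd entry."""
    known = set(parse_passwd(passwd_text).values())
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    hits = []
    for path in paths:
        try:
            uid = os.lstat(path).st_uid   # lstat: judge a symlink itself, not its target
        except OSError:
            continue                      # vanished or unreadable during the walk
        if uid not in known:
            hits.append((uid, path))
    return sorted(hits)

if __name__ == "__main__":
    print("defined in template only:", template_only_accounts(SAMPLE_TEMPLATE, SAMPLE_PASSWD))
    with open("/etc/passwd") as fh:
        for uid, path in orphaned_files(sys.argv[1] if len(sys.argv) > 1 else ".", fh.read()):
            print("no passwd entry for UID", uid, path)
```

On a real system, pass the contents of /var/adm/fillup-templates/passwd.aaa_base and /etc/passwd to template_only_accounts() after editing the template; an empty result means the template and the live file agree on which accounts exist.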