On Monday 02 November 2009 22:00, Marcy Cortes wrote:
>It's not SuSEconfig.  I tried that.
>It must be maintenance to some particular package.
>Right now, we just clean up.  But it would be way better to not have to do
> that.

Mark nailed it: the aaa_base RPM is adding the "games" user in its 
post-install script.  The definition of the games account is in three files:

/var/adm/fillup-templates/group.aaa_base
/var/adm/fillup-templates/passwd.aaa_base
/var/adm/fillup-templates/shadow.aaa_base

which are also in the aaa_base package.  They define all the system accounts: 

root, bin, daemon, lp, mail, news, uucp, games, man, wwwrun, ftp, nobody

The aaa_base package is always going to be installed when upgrading the 
system, so you'll always get those user accounts back.  At least on SLES, and 
I think RHEL does something similar.

The fix is to remove the lines for user "games" from those files.  The next 
time you update aaa_base, it should install the files from the package into 
*.rpmnew files instead of overwriting your changes.  You will lose any other 
changes to those files being applied automatically; you'll have to check them 
to see if there are any new system accounts, but that would be rare.

As for the debate about if removing the "games" user is A Good Thing To Do or 
not: I think it's OK.  I can see why it scares the auditors, so removing it 
removes a headache for you.  I don't think the UID/GID can be re-used, as 
your vendor controls their assignments for system accounts and useradd(8) 
will not assign UID/GID values below 500 unless you explicitly ask for it with 
the -r option, which you're not going to ever use, right?  So even if there 
are files owned by UID 12 after you delete "games", no one else will get to 
own them.

Besides, you're running a security scanner that checks for files with UIDs 
that are not in /etc/passwd and notifies you, right?  So even if you do 
install some package that has a file owned by "games", you'll know about it 
soon enough.
        - MacK.
-----
Edmund R. MacKenty
Software Architect
Rocket Software
275 Grove Street · Newton, MA 02466-2272 · USA
Tel: +1.617.614.4321
Email: m...@rs.com
Web: www.rocketsoftware.com  
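As an added example (not part of MacKenty's message or of the aaa_base package), the shell script below automates the two things the reply describes: dropping the "games" entries from passwd/group/shadow-format template files without touching any other account, and then checking a saved `find` listing for files owned by a UID that is no longer in passwd. It works on copies in a temporary directory; the template contents and the file listing are constructed for the demo and only stand in for the real `/var/adm/fillup-templates/*.aaa_base` files and for the output of `find / -xdev -printf '%U %p\n'` on a live system. The function names (`drop_account`, `account_present`, `orphaned_files`) are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post.  Strips a system account from
# aaa_base-style fillup templates and audits a "uid path" listing for UIDs
# that no longer resolve.  Everything under $WORK is constructed sample data.

# Remove every line whose first colon-separated field equals $1 from each
# template file in $2.. (passwd, group and shadow share that layout).
# Keeps a .orig copy so the change can be diffed or reverted.
drop_account() {
    name=$1; shift
    for f in "$@"; do
        cp -p "$f" "$f.orig"
        # Match on field 1 only; a plain grep would also hit "games" in a
        # GECOS field or a group member list.
        awk -F: -v n="$name" '$1 != n' "$f.orig" > "$f"
    done
}

# Print 1 if account $1 is still defined in any of the files $2.., else 0.
account_present() {
    name=$1; shift
    for f in "$@"; do
        if awk -F: -v n="$name" '$1 == n { found = 1 } END { exit !found }' "$f"; then
            echo 1; return
        fi
    done
    echo 0
}

# $1: passwd-format file.  $2: listing of "uid path" lines, one per file, as
# produced on a real system by:  find / -xdev -printf '%U %p\n'
# Prints the lines whose uid has no passwd entry, i.e. the files that
# `find / -xdev -nouser` would report, but from a saved listing.
orphaned_files() {
    awk -F: 'NR == FNR { known[$3] = 1; next }
             { split($0, a, " "); if (!(a[1] in known)) print }' "$1" "$2"
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed subset of what the aaa_base templates contain (UID 12 for
# games is taken from the post; the other values are illustrative).
cat > "$WORK/passwd.aaa_base" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/bash
games:x:12:100:Games account:/var/games:/bin/bash
nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/bash
EOF
cat > "$WORK/group.aaa_base" <<'EOF'
root:x:0:
bin:x:1:daemon
games:x:40:
nogroup:x:65533:nobody
EOF
cat > "$WORK/shadow.aaa_base" <<'EOF'
root:*:15432::::::
games:*:15432::::::
EOF

drop_account games "$WORK/passwd.aaa_base" "$WORK/group.aaa_base" "$WORK/shadow.aaa_base"
echo "games still defined: $(account_present games "$WORK"/*.aaa_base)"
echo "root still defined:  $(account_present root "$WORK"/*.aaa_base)"

# Constructed stand-in for find output: one file left behind by UID 12.
printf '%s\n' '0 /etc/passwd' '12 /var/games/highscore' '1 /bin/ls' > "$WORK/listing"
echo "files owned by unknown UIDs:"
orphaned_files "$WORK/passwd.aaa_base" "$WORK/listing"
```

On a real SLES box you would point `drop_account` at the three files under `/var/adm/fillup-templates` (as root, after taking a backup) and feed `orphaned_files` a listing from `find / -xdev -printf '%U %p\n'`; the script does not itself verify the `.rpmnew` behaviour the post describes on the next aaa_base update, so check for those files after the upgrade.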

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390