Hi Marcel,

>  If I want to edit file named.local, say, I can su root and edit the file
> from there or from root, su named, because then the password is not asked
> for. 

 After the "su named" you will still be root, because there is no shell for 
named. Only the command /bin/false will have been executed. Do an "exit" after 
this and root will be logged out, not named.

> - From what you tell me below about the shutdown account, if I assign it the
>   command /sbin/shutdown in /etc/passwd, and then a password, then I could su
>   or login to it from a regular user account to shutdown the machine. Is this
>   the general procedure?

 In the default setup, every user that can log in on the console can do a 
shutdown, the philosophy being you could pull the plug anyway. If you want 
remote users to be able to shut the machine down, su-ing to shutdown as you 
suggest probably works (never tried).

> - How do I go about running a privilege-less program with nobody?

 ? If you supply nobody with a shell, nobody can run the same executables other 
users can run.

> Since a full install of Red Hat Deluxe 7.1 sets up 30 system accounts,
> assigned to specific UIDs below 100,
> does detailed documentation about them exist, describing the "mission" of
> each account, how it's used, which files/directories it typically owns,
> how to safely delete/recreate it, etc?

 I would suggest never doing a full install, except for special purposes. This 
way not all these accounts will be created.
 If you want to find out which account has what purpose you could try the 
following (example for named, uid 25):
# find / -uid 25
will give you a listing of all files owned by named. You might want to use the 
switch -xdev so as not to descend into other filesystems.
 Take a file from the output of the previous command, and query the rpm 
database which package owns the file, i.e.:
# rpm -q --whatprovides /var/named
bind-8.2.3-0.6.x
 Now you know user named is used by bind.

                                        Bye,

                                        Leonard.





_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
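
The find-then-rpm lookup described in the message above, extended to every system account with a UID below 100, as an added example that is not part of the original message. The function names and the `--audit` flag are hypothetical, and the passwd lines are constructed sample data.

```shell
#!/bin/sh
# Added example, not from the original message. Function names and the
# --audit flag are hypothetical; the passwd lines below are constructed.

# Constructed sample in /etc/passwd format (named has uid 25, as in the thread).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
named:x:25:25:Named:/var/named:/bin/false
nobody:x:99:99:Nobody:/:/sbin/nologin
marcel:x:500:500::/home/marcel:/bin/bash
EOF
}

# list_system_accounts FILE [MAX_UID]
# Prints uid:name:shell:status for every account with uid < MAX_UID (default 100).
# status is no-shell when "su name" would only run /bin/false or /sbin/nologin.
list_system_accounts() {
    awk -F: -v max="${2:-100}" '
        $3 ~ /^[0-9]+$/ && $3 + 0 < max + 0 {
            shell = ($7 == "") ? "/bin/sh" : $7   # empty field means /bin/sh
            status = (shell == "/bin/false" || shell == "/sbin/nologin") ? "no-shell" : "runs-command"
            print $3 ":" $1 ":" shell ":" status
        }' "$1" | sort -t: -k1,1n
}

# files_owned_by UID ROOT: the find step, with -xdev to stay on one filesystem.
files_owned_by() {
    find "$2" -xdev -uid "$1" 2>/dev/null
}

# packages_for_uid UID ROOT: the rpm step, run over every file found.
packages_for_uid() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not found" >&2; return 2; }
    files_owned_by "$1" "$2" | while IFS= read -r f; do
        pkg=$(rpm -q --whatprovides "$f" 2>/dev/null) && printf '%s\n' "$pkg"
    done | sort -u
}

# Full report on a live system: sh script.sh --audit (as root).
if [ "${1:-}" = "--audit" ]; then
    list_system_accounts /etc/passwd | while IFS=: read -r uid name shell status; do
        printf '%s (uid %s, %s, %s): %s\n' "$name" "$uid" "$shell" "$status" \
            "$(packages_for_uid "$uid" / 2>/dev/null | tr '\n' ' ')"
    done
fi
```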