On Mon, 31 Mar 2003 at 08:07:05PM +0100, Dale Amon wrote:
> I have heard it so argued and remain to be convinced.
> I have a cfengine script that overwrites the work of
> debian packages in passwd within minutes of an upgrade.
> All non-real users get /dev/false for a shell on my
> systems. If it
On Mon, 31 Mar 2003 at 08:07:05PM +0100, Dale Amon wrote:
> I have heard it so argued and remain to be convinced.
> I have a cfengine script that overwrites the work of
> debian packages in passwd within minutes of an upgrade.
> All non-real users get /dev/false for a shell on my
> systems. If it
On Sat, Mar 29, 2003 at 12:55:21AM +0100, Sven Hoexter wrote:
> Ok then I'm out of arguments ;) but I think there is a reason for the
> packagers
> to setup a lot of dummy users for daemons etc. with /bin/sh instead of
> /bin/false or /dev/null.
I have heard it so argued and remain to be convince
On Sat, Mar 29, 2003 at 12:55:21AM +0100, Sven Hoexter wrote:
> Ok then I'm out of arguments ;) but I think there is a reason for the packagers
> to setup a lot of dummy users for daemons etc. with /bin/sh instead of
> /bin/false or /dev/null.
I have heard it so argued and remain to be convinced.
On Fri, Mar 28, 2003 at 10:55:45PM +0100, Christian Jaeger wrote:
> At 12:11 Uhr +0100 26.03.2003, Sven Hoexter wrote:
Hi,
> >This might be bad cause AFAIK a few cronjobs change from their root uid to
> >nobody via the su command.
>
> They don't really need a shell setting for nobody. su -s /bin
On Fri, Mar 28, 2003 at 10:55:45PM +0100, Christian Jaeger wrote:
> At 12:11 Uhr +0100 26.03.2003, Sven Hoexter wrote:
Hi,
> >This might be bad cause AFAIK a few cronjobs change from their root uid to
> >nobody via the su command.
>
> They don't really need a shell setting for nobody. su -s /bin
At 12:11 Uhr +0100 26.03.2003, Sven Hoexter wrote:
This might be bad cause AFAIK a few cronjobs change from their root uid to
nobody via the su command.
They don't really need a shell setting for nobody. su -s /bin/sh
$commandline works as well.
Christian.
At 12:11 Uhr +0100 26.03.2003, Sven Hoexter wrote:
This might be bad cause AFAIK a few cronjobs change from their root uid to
nobody via the su command.
They don't really need a shell setting for nobody. su -s /bin/sh
$commandline works as well.
Christian.
--
To UNSUBSCRIBE, email to [EMAIL PROT
On Wed, Mar 26, 2003 at 10:50:48AM -0500, Noah L. Meyerhans wrote:
> On Wed, Mar 26, 2003 at 12:11:58PM +0100, Sven Hoexter wrote:
> > Well yes it could :) As long as the user has no valid password it's not very
> > usefull. Take a look into the /etc/shadow and in the second field you'll
> > find
Dit e-mail adres bestaat niet
On Wed, Mar 26, 2003 at 10:50:48AM -0500, Noah L. Meyerhans wrote:
> On Wed, Mar 26, 2003 at 12:11:58PM +0100, Sven Hoexter wrote:
> > Well yes it could :) As long as the user has no valid password it's not very
> > usefull. Take a look into the /etc/shadow and in the second field you'll find
> > !
On Wed, Mar 26, 2003 at 12:11:58PM +0100, Sven Hoexter wrote:
> Well yes it could :) As long as the user has no valid password it's not very
> usefull. Take a look into the /etc/shadow and in the second field you'll find
> ! or * indicating that this user has a invalid password. See man 5 shadow.
Yoann <[EMAIL PROTECTED]> writes:
> there is an * in /etc/shadow for nobody, but all services (ftp, web...)
> are running with the uid nobody so if there is an attack on an unknow
> bug (I keep up to date all services) on those services (buffer overflow
> for example), It's will be unsercure.. .
Dit e-mail adres bestaat niet
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
On Wed, Mar 26, 2003 at 12:11:58PM +0100, Sven Hoexter wrote:
> Well yes it could :) As long as the user has no valid password it's not very
> usefull. Take a look into the /etc/shadow and in the second field you'll find
> ! or * indicating that this user has a invalid password. See man 5 shadow.
Yoann <[EMAIL PROTECTED]> writes:
> there is an * in /etc/shadow for nobody, but all services (ftp, web...)
> are running with the uid nobody so if there is an attack on an unknow
> bug (I keep up to date all services) on those services (buffer overflow
> for example), It's will be unsercure.. .
Hi,
I look at in the file /etc/passwd on my server today, and I saw the user
nobody has a shell !!. When I installed my debian (sarge, I know it's
bad, but it's just a server for me...) I put /bin/false. A few days ago,
while an upgrade, apt asked to me to upgrade that file to the new
version an
Hi,
I look at in the file /etc/passwd on my server today, and I saw the user
nobody has a shell !!. When I installed my debian (sarge, I know it's
bad, but it's just a server for me...) I put /bin/false. A few days ago,
while an upgrade, apt asked to me to upgrade that file to the new
version and
Does the user nobody has got a password in /etc/shadow ?
greets
Robbert
Citeren Yoann <[EMAIL PROTECTED]>:
> hi,
>
> I look at in the file /etc/passwd on my server today, and I saw the user
> nobody has a shell !!. When I installed my debian (sarge, I know it's
> bad, but it's just a server
On Wed, Mar 26, 2003 at 11:35:38AM +0100, Yoann wrote:
Hi,
> I look at in the file /etc/passwd on my server today, and I saw the user
> nobody has a shell !!. When I installed my debian (sarge, I know it's
> bad, but it's just a server for me...) I put /bin/false. A few days ago,
> while an up
Does the user nobody has got a password in /etc/shadow ?
greets
Robbert
Citeren Yoann <[EMAIL PROTECTED]>:
> hi,
>
> I look at in the file /etc/passwd on my server today, and I saw the user
> nobody has a shell !!. When I installed my debian (sarge, I know it's
> bad, but it's just a server
On Wed, Mar 26, 2003 at 11:35:38AM +0100, Yoann wrote:
Hi,
> I look at in the file /etc/passwd on my server today, and I saw the user
> nobody has a shell !!. When I installed my debian (sarge, I know it's
> bad, but it's just a server for me...) I put /bin/false. A few days ago,
> while an up
22 matches
Mail list logo