[Mageia-dev] halt and shutdown users: Still needed?
rihoward1 at gmail.com
rihoward1 at gmail.com
Mon Sep 17 05:12:28 CEST 2012
On Sep 16, 2012, at 9:27 AM, Sander Lepik wrote:
> 16.09.2012 19:13, rihoward1 at gmail.com kirjutas:
>> On Sep 9, 2012, at 3:10 AM, Julien wrote:
>>
>>> Le Sun, 09 Sep 2012 12:55:17 +0300,
>>> Sander Lepik <sander.lepik at eesti.ee> a écrit :
>>>
>>>> 08.09.2012 19:49, Colin Guthrie kirjutas:
>>>>> Hi,
>>>>>
>>>>> So there exists two users (provided by default from the setup pkg)
>>>>> called "halt" and "shutdown". These users just run the halt and shutdown
>>>>> commands as their shell. This means su'ing or sudo'ing or setting a
>>>>> password and logging in as them, will shut the machine down.
>>>>>
>>>>> This seems like a relic from many years ago and there is no need to
>>>>> include such users in this day and age. Should we kill them off?
>>>>>
>>>>> Col
>>>>>
>>>> +1 on removing them. I didn't even know about them :)
>>>>
>>>> --
>>>> Sander
>>>>
>>> The same for me, didn't know they existed.
>>>
>>> Julien
>>
>> - 1
>> Removing them is a really bad idea. It violates fundamental security principles.
>> There is a reason processes are run with their user permissions.
>>
> Hmm, i'm not sure you know what you are talking about. Can you show me where in the code are we doing that?
>
> --
> Sander
> So you just removed the user references from the passwd and shadow file.
More information about the Mageia-dev
mailing list