[Mageia-dev] halt and shutdown users: Still needed?
Sander Lepik
sander.lepik at eesti.ee
Sun Sep 16 18:27:15 CEST 2012
16.09.2012 19:13, rihoward1 at gmail.com kirjutas:
> On Sep 9, 2012, at 3:10 AM, Julien wrote:
>
>> Le Sun, 09 Sep 2012 12:55:17 +0300,
>> Sander Lepik <sander.lepik at eesti.ee> a écrit :
>>
>>> 08.09.2012 19:49, Colin Guthrie kirjutas:
>>>> Hi,
>>>>
>>>> So there exists two users (provided by default from the setup pkg)
>>>> called "halt" and "shutdown". These users just run the halt and shutdown
>>>> commands as their shell. This means su'ing or sudo'ing or setting a
>>>> password and logging in as them, will shut the machine down.
>>>>
>>>> This seems like a relic from many years ago and there is no need to
>>>> include such users in this day and age. Should we kill them off?
>>>>
>>>> Col
>>>>
>>> +1 on removing them. I didn't even know about them :)
>>>
>>> --
>>> Sander
>>>
>> The same for me, didn't know they existed.
>>
>> Julien
>
> - 1
> Removing them is a really bad idea. It violates fundamental security principles.
> There is a reason processes are run with their user permissions.
>
Hmm, i'm not sure you know what you are talking about. Can you show me where in the code are
we doing that?
--
Sander
More information about the Mageia-dev
mailing list