[Mageia-dev] halt and shutdown users: Still needed?
Colin Guthrie
mageia at colin.guthr.ie
Tue Sep 18 11:53:46 CEST 2012
'Twas brillig, and Liam R E Quin at 17/09/12 17:23 did gyre and gimble:
> On Mon, 2012-09-17 at 14:56 +0100, Colin Guthrie wrote:
>> Well according to folklore (which is about all I've got to go on here),
>> before there were proper infrastructures in place to allow users to
>> reboot machines, sysadmins might give "trusted" workstation users the
>> passwords to these accounts which then let them "login to reboot" (I
>> guess a forerunner to the "Start->Shutdown" oxymoron!)
>
> Yes - I seem to remember that V7 and also 4.1, 4.2 BSD shipped with
> several such pseudo-users, although they may've been a local addition at
> the university where I used them in the early 1980s.
>
> They are good for environments with users you don't trust but who have
> to be able to do specific admin tasks... but they could for sure be
> added locally in those environments.
>
> Of course, if you have a university with 5,000 workstations, it'd be
> nice not to have to make changes to each of them... but, it's likely
> that changes are already made, and if one of them is to enable NIS then
> you can add the pseudo-users globally anyway.
>
> Every account is a potential break-in vector, however unlikely, so it
> seems better not to ship with them.
Yup, rolling out changes to large numbers of workstations would be done
via something like puppet these days anyway, so creating user accounts
en-mass even if they are not shipped by default should be pretty trivial.
I think that's enough consensus to drop them.
Cheers
Col
--
Colin Guthrie
colin(at)mageia.org
http://colin.guthr.ie/
Day Job:
Tribalogic Limited http://www.tribalogic.net/
Open Source:
Mageia Contributor http://www.mageia.org/
PulseAudio Hacker http://www.pulseaudio.org/
Trac Hacker http://trac.edgewall.org/
More information about the Mageia-dev
mailing list