quick poppassd question

Troy Settle troy at psknet.com
Mon Jun 2 08:49:11 PDT 2003


Perhaps someone can shed more light on the subject, but it's my
impression that most system processes run with a UID/GID under 100.  So a
uid < 100 should deny the change request.

Then again, in this day and age, isn't it advisable to do away with
system accounts for users?  On most of my boxes, there are exactly 2
passwords in the passwd file: one for my ssh access and another so I can
su to root.  On the one box that does have system accounts for users,
they can use /usr/bin/passwd directly.

All 4.2k users on my system authenticate from a MySQL database for mail
and ftp access.

--
  Troy Settle
  Pulaski Networks
  http://www.psknet.com
  540.994.4254 - 866.477.5638
 

> -----Original Message-----
> From: owner-freebsd-isp at freebsd.org 
> [mailto:owner-freebsd-isp at freebsd.org] On Behalf Of Mark Sergeant
> Sent: Monday, June 02, 2003 11:32 AM
> To: Wolfpaw - Dale Corse
> Cc: Support; isp at freebsd.org; security at freebsd.org
> Subject: RE: quick poppassd question
> 
> 
> Could we maybe drop it to 200ish as I know of many cases where uid's
> aren't > 1000 for standard users.
> 
> On Tue, 2003-06-03 at 01:33, Wolfpaw - Dale Corse wrote:
> > looks good to me :)
> > 
> > D.
> > --------------------------------
> > Dale Corse
> > System Administrator
> > Wolfpaw Services Inc.
> > http://www.wolfpaw.net
> > (780) 474-4095
> > 
> > > -----Original Message-----
> > > From: owner-freebsd-isp at freebsd.org
> > > [mailto:owner-freebsd-isp at freebsd.org]On Behalf Of Support
> > > Sent: Monday, June 02, 2003 5:04 AM
> > > To: security at freebsd.org
> > > Cc: isp at freebsd.org
> > > Subject: quick poppassd question
> > >
> > >
> > > Hello,
> > >
> > > I did a quick change to the patched port of poppassd and am
> > > wondering if you think my code would introduce any potential
> > > problems.
> > >
> > > The idea is right after we check if the username exists, also
> > > check if the UID of that username is over 1000. I wanted to make
> > > sure that no one monkeys around with privileged users once
> > > poppassd is running.
> -snip- 
> 
> -- 
> Mark Sergeant <msergeant at snsonline.net>
> SNSOnline Technical Services
> 
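The check discussed in this thread, as an added example that is not code from poppassd or from any of the posters: after the username lookup, refuse the change when the account's UID is below a configurable floor. The function names, decision codes and sample accounts are hypothetical and constructed for illustration; the floors 100, 200 and 1000 are the values raised in the messages above.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical decision codes; these names are not from poppassd. */
enum pw_decision { PW_ALLOW, PW_DENY_NO_USER, PW_DENY_LOW_UID };

/* Policy on an already looked-up entry: unknown users and UIDs below
 * the floor are refused ("uid < floor denies", so uid == floor passes). */
static enum pw_decision check_entry(const struct passwd *pw, uid_t min_uid)
{
    if (pw == NULL)
        return PW_DENY_NO_USER;
    if (pw->pw_uid < min_uid)
        return PW_DENY_LOW_UID;
    return PW_ALLOW;
}

/* Lookup plus policy: first "does the user exist", then the UID floor. */
static enum pw_decision check_user(const char *name, uid_t min_uid)
{
    return check_entry(getpwnam(name), min_uid);
}

/* Build a constructed passwd entry for the demonstration table. */
static struct passwd sample(const char *name, uid_t uid)
{
    struct passwd pw;
    memset(&pw, 0, sizeof pw);
    pw.pw_name = (char *)name;
    pw.pw_uid = uid;
    return pw;
}

int main(int argc, char **argv)
{
    static const char *verdict[] = { "allow", "deny (no user)", "deny (low uid)" };
    const uid_t floors[] = { 100, 200, 1000 };   /* values raised in the thread */
    struct passwd accts[] = { sample("root", 0), sample("svc", 80),
                              sample("olduser", 150), sample("alice", 1001) };
    for (int f = 0; f < 3; f++)
        for (int a = 0; a < 4; a++)
            printf("floor %4u  %-8s uid %4u  %s\n", (unsigned)floors[f],
                   accts[a].pw_name, (unsigned)accts[a].pw_uid,
                   verdict[check_entry(&accts[a], floors[f])]);
    if (argc > 1)   /* optionally check a real local account name */
        printf("%s: %s\n", argv[1], verdict[check_user(argv[1], 1000)]);
    return 0;
}
```

The table makes the trade-off in the thread visible: the constructed account at UID 150 can change its password with a floor of 100 but is locked out at 200 and 1000, while UID 0 and UID 80 are refused at every floor.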
