Users and groups kept after a port deinstallation
jhell
jhell at dataix.net
Sat May 22 15:42:57 UTC 2010
On 05/22/2010 08:42, RW wrote:
> On Sat, 22 May 2010 07:58:38 -0400
> jhell <jhell at dataix.net> wrote:
>
>> On 05/22/2010 07:08, RW wrote:
>>> On Sat, 22 May 2010 03:29:38 -0400
>>> jhell <jhell at dataix.net> wrote:
>>>
>>>
>>>> Having unused logins on a system is bad!
>>>
>>> Why?
>>
>> For one example:
>> This opens up a point of possible access to the system in which its
>> integrity could be jeopardized. What all the implications are of this
>> is out of scope for this thread.
>
> These are unprivileged accounts without passwords - you need root
> privileges to use them. Nothing is going to be running under them or
> they wouldn't be candidates for removal in the first place.
Are we arguing the point that these should just be left or can we come
to a point like I stated in the previous email that you so gracefully
chopped out that stated: If they are to be left in the system a admin
should be notified or they should be automatically removed upon package
removal.
This is more of a best practices case than what the implications of
leaving users in the master.passwd are.
--
jhell
More information about the freebsd-ports
mailing list