Users and groups kept after a port deinstallation
RW
rwmaillists at googlemail.com
Sat May 22 22:54:44 UTC 2010
On Sat, 22 May 2010 11:42:53 -0400
jhell <jhell at dataix.net> wrote:
> >>>> Having unused logins on a system is bad!
> >>>
> >>> Why?
> >>
> >> For one example:
> >> This opens up a point of possible access to the system in which its
> >> integrity could be jeopardized. What all the implications are of
> >> this is out of scope for this thread.
> >
> > These are unprivileged accounts without passwords - you need root
> > privileges to use them. Nothing is going to be running under them or
> > they wouldn't be candidates for removal in the first place.
>
> Are we arguing the point that these should just be left or can we come
> to a point like I stated in the previous email that you so gracefully
> chopped out that stated: If they are to be left in the system a admin
> should be notified or they should be automatically removed upon
> package removal.
If there are no security concerns, the rest is just a bike shed
> This is more of a best practices case than what the implications of
> leaving users in the master.passwd are.
>
Why is it best practice? Why add extra complexity to solve a problem
that doesn't actually exist?
More information about the freebsd-ports
mailing list