Daily insecurity report and drop priv accounts for handling automated tasks

To: <misc@...>
Date: Tuesday, November 13, 2007 - 8:06 pm

Hi all,

I've been wondering how to deal with this particular issue for quite
some time now, and I can't find any references to "the right way"(TM)
to handle it.

I always prefer to run automated tasks as limited privilege users on
my OpenBSD hosts - such as tasks that pull files across from other
hosts, and other such nightly tasks. To make this work the drop priv
user account needs a shell and a home dir (for SSH keys etc), and has
no need for a password. However this causes the /etc/security script
to generate warnings every night such as,

"""
Login nightlysync is off but still has a valid shell and alternate
access files in home directory are still readable.
"""

The tasks that this user performs are scheduled through cron.

Is there a better way for me to be setting up these kinds of tasks so
that this warning doesn't get raised? Or is the warning spurious?

Cheers
Dave

Messages in current thread:
Daily insecurity report and drop priv accounts for handling ..., Dave Harrison, (Tue Nov 13, 8:06 pm)