Re: sync adduser with installer

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Daniel C. Sinclair

Subject: Re: sync adduser with installer

Date: Saturday, October 30, 2010 - 2:50 pm

On Fri, Oct 29, 2010 at 10:12 PM, Brynet <brynet@gmail.com> wrote:
quoted text>
> I believe the real problem here is that you're allowing users on your
> systems that are incapable of properly setting the group/world
> permissions of their home directories.

My employer lets a variety of people on their systems - they just want
work to get done and don't know or care about this kind of thing.
Don't you have this problem where you work?

Seriously, putting everyone in the same 'users' group is like running
all your daemons as 'nobody'.  I can quote a stack of UNIX books that
recommend against both (a couple examples are Secure Architectures
with OpenBSD, the AbsoluteBSD books, and the ones I linked to above).
They all talk about using 'adduser' and how per-user groups is the
best option - which is why it is the default.  Changing the default
would invalidate a lot of documentation.

quoted text> It's also a possibility that you are derelict in your duties as a
> systems administrator.
>
> No cookies for you.

This is tech@, not misc@.

Daniel

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: sync adduser with installer, Theo de Raadt, (Fri Oct 29, 9:40 am)

Re: sync adduser with installer, Philip Guenther, (Fri Oct 29, 10:45 am)

Re: sync adduser with installer, Henning Brauer, (Fri Oct 29, 11:25 am)

Re: sync adduser with installer, Daniel C. Sinclair, (Fri Oct 29, 6:41 pm)

Re: sync adduser with installer, Brynet, (Fri Oct 29, 10:12 pm)

Re: sync adduser with installer, Paul de Weerd, (Sat Oct 30, 1:10 am)

Re: sync adduser with installer, Brynet, (Sat Oct 30, 2:10 am)

Re: sync adduser with installer, Henning Brauer, (Sat Oct 30, 4:39 am)

Re: sync adduser with installer, Daniel C. Sinclair, (Sat Oct 30, 2:50 pm)

Re: sync adduser with installer, Philip Guenther, (Sat Oct 30, 2:51 pm)


linux-kernel:
Greg KH	Og dreams of kernels
Jens Axboe	[PATCH 31/33] Fusion: sg chaining support
Arnd Bergmann	Re: finding your own dead "CONFIG_" variables
Mark Brown	[PATCH 2/2] Subject: natsemi: Allow users to disable workaround for DspCfg reset
Tony Breeds	[LGUEST] Look in object dir for .config
git:
Brian Downing	Re: Git in a Nutshell guide
John Benes	Re: master has some toys
Matthias Lederhofer	[PATCH 4/7] introduce GIT_WORK_TREE to specify the work tree
Alexander Sulfrian	[RFC/PATCH] RE: git calls SSH_ASKPASS even if DISPLAY is not set
Junio C Hamano	Re: Rss produced by git is not valid xml?
git-commits-head:
Linux Kernel Mailing List	iSeries: fix section mismatch in iseries_veth
Linux Kernel Mailing List	ixbge: remove TX lock and redo TX accounting.
Linux Kernel Mailing List	ixgbe: fix several counter register errata
Linux Kernel Mailing List	b43: fix build with CONFIG_SSB_PCIHOST=n
Linux Kernel Mailing List	9p: block-based virtio client
linux-netdev:
Michael Breuer	Re: [PATCH] af_packet: Don't use skb after dev_queue_xmit()
Michael Breuer	Re: [PATCH] af_packet: Don't use skb after dev_queue_xmit()
David Daney	[PATCH 5/7] Staging: Octeon Ethernet: Convert to NAPI.
Wolfgang Grandegger	[PATCH net-next v4 1/3] can: mscan: fix improper return if dlc < 8 in start_xmi...
Amit Kumar Salecha	[PATCHv3 NEXT 2/2] NET: Add Qlogic ethernet driver for CNA devices
openbsd-misc:
Theo de Raadt	Re: Old IPSEC bug
Tomáš Bodžár	Problem with vpnc connection - check group password !
Insan Praja SW	Mandoc Compiling Error
Carl Roberso	Re: Cannot change MTU of carp interface?
Richard Daemon	Re: booting openbsd on eee without cd-rom