From owner-freebsd-current  Mon Oct  1  7:36:33 2001
Delivered-To: freebsd-current@freebsd.org
Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65])
	by hub.freebsd.org (Postfix) with ESMTP id 895F237B414
	for <current@FreeBSD.ORG>; Mon,  1 Oct 2001 07:34:23 -0700 (PDT)
Received: (from ru@localhost)
	by whale.sunbay.crimea.ua (8.11.6/8.11.2) id f91EXh661785;
	Mon, 1 Oct 2001 17:33:43 +0300 (EEST)
	(envelope-from ru)
Date: Mon, 1 Oct 2001 17:33:43 +0300
From: Ruslan Ermilov <ru@FreeBSD.ORG>
To: Kris Kennaway <kris@obsecurity.org>
Cc: current@FreeBSD.ORG
Subject: Re: uucp user shell and home directory
Message-ID: <20011001173343.D57416@sunbay.com>
References: <20011001020246.A77511@xor.obsecurity.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20011001020246.A77511@xor.obsecurity.org>; from kris@obsecurity.org on Mon, Oct 01, 2001 at 02:02:46AM -0700
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

On Mon, Oct 01, 2001 at 02:02:46AM -0700, Kris Kennaway wrote:
> Can anyone tell me why the uucp user needs to have a default shell and
> home directory set?
> 
> uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico
> 
> Both of those no longer exist by default in FreeBSD, with my changes.
> Is there any reason why this can't be changed to:
> 
> uucp:*:66:66:UUCP pseudo-user:/:/sbin/nologin
> 
As already was told on "that channel", this comes from the times
when ``uucp'' user didn't have password and the account was used
for UUCP communication over serial lines.  Any dialup UUCP user
should have a passwd(5) entry built like the ``uucp''.

It doesn't really matter what the home directory is set to (IIRC),
but the shell must be uucico(8).

It doesn't make any sense though to enable the ``uucp'' account.
Moreover, doing so may have a bad impact on system's security,
as many UUCP related files are owner by the user ``uucp''.

Having said that, I'm with Sheldon on how this change should be
done, i.e., change home directory to /nonexistent and shell to
/sbin/nologin.


Cheers,
-- 
Ruslan Ermilov		Oracle Developer/DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message