From: "Troy Settle"
To: "'Mark Sergeant'", "'Wolfpaw - Dale Corse'"
Cc: 'Support', isp@freebsd.org, security@freebsd.org
Date: Mon, 2 Jun 2003 11:49:08 -0400
Subject: RE: quick poppassd question

Perhaps someone can shed more light on the subject, but it's my impression that most system processes run with a UID/GID under 100. So a uid < 100 should deny the change request. Then again, in this day and age, isn't it advisable to do away with system accounts for users?
On most of my boxes, there are exactly 2 passwords in the passwd file: one for my ssh access and another so I can su to root. On the one box that does have system accounts for users, they can use /usr/bin/passwd directly. All 4.2k users on my system authenticate from a MySQL database for mail and ftp access.

--
Troy Settle
Pulaski Networks
http://www.psknet.com
540.994.4254 - 866.477.5638

> -----Original Message-----
> From: owner-freebsd-isp@freebsd.org
> [mailto:owner-freebsd-isp@freebsd.org] On Behalf Of Mark Sergeant
> Sent: Monday, June 02, 2003 11:32 AM
> To: Wolfpaw - Dale Corse
> Cc: Support; isp@freebsd.org; security@freebsd.org
> Subject: RE: quick poppassd question
>
>
> Could we maybe drop it to 200ish as I know of many cases where uid's aren't > 1000 for standard users.
>
> On Tue, 2003-06-03 at 01:33, Wolfpaw - Dale Corse wrote:
> > looks good to me :)
> >
> > D.
> > --------------------------------
> > Dale Corse
> > System Administrator
> > Wolfpaw Services Inc.
> > http://www.wolfpaw.net
> > (780) 474-4095
> >
> > > -----Original Message-----
> > > From: owner-freebsd-isp@freebsd.org
> > > [mailto:owner-freebsd-isp@freebsd.org]On Behalf Of Support
> > > Sent: Monday, June 02, 2003 5:04 AM
> > > To: security@freebsd.org
> > > Cc: isp@freebsd.org
> > > Subject: quick poppassd question
> > >
> > >
> > > Hello,
> > >
> > > I did a quick change to the patched port of poppassd and am wondering if
> > > you think my code would introduce any potential problems.
> > >
> > > The idea is right after we check if the username exists, also check if the
> > > UID of that username is over 1000. I wanted to make sure that no one
> > > monkeys around with privileged users once poppassd is running.
> -snip-
>
> --
> Mark Sergeant
> SNSOnline Technical Services
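
The UID floor check discussed in this thread, as an added example; it is not the snipped poppassd patch or any code from the posters. The function names are hypothetical, the floor is a parameter so the 1000, 200 and 100 values proposed above can be compared, and the refusal of the high-numbered "nobody" account (UID 65534 on FreeBSD) is an assumption that goes beyond what the thread covers.

```c
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>

/* Assumption: UID of the "nobody" system account (65534 on FreeBSD).
 * It sits above any floor, so a floor-only check would accept it. */
#define NOBODY_UID ((uid_t)65534)

/* Policy only: returns 1 if a password change may proceed for this UID. */
int uid_change_allowed(uid_t uid, uid_t min_uid)
{
    if (uid < min_uid)          /* root and low-numbered system accounts */
        return 0;
    if (uid == NOBODY_UID)      /* high-numbered system account */
        return 0;
    return 1;
}

/* Lookup plus policy, meant to run right after the username is received.
 * Unknown users are refused the same way as privileged ones. */
int user_change_allowed(const char *user, uid_t min_uid)
{
    struct passwd *pw;

    if (user == NULL || *user == '\0')
        return 0;
    pw = getpwnam(user);
    if (pw == NULL)
        return 0;
    return uid_change_allowed(pw->pw_uid, min_uid);
}

int main(void)
{
    /* Floors proposed in the thread, against constructed sample UIDs. */
    const uid_t floors[] = { 1000, 200, 100 };
    const uid_t samples[] = { 0, 25, 85, 150, 500, 1001, 65534 };
    size_t f, s;

    for (f = 0; f < sizeof floors / sizeof floors[0]; f++)
        for (s = 0; s < sizeof samples / sizeof samples[0]; s++)
            printf("floor %4lu  uid %5lu  %s\n",
                   (unsigned long)floors[f], (unsigned long)samples[s],
                   uid_change_allowed(samples[s], floors[f]) ? "allow" : "deny");
    return 0;
}
```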