From owner-freebsd-hackers Thu Oct 30 16:50:28 1997
Message-ID: <19971030224420.52951@jraynard.demon.co.uk>
Date: Thu, 30 Oct 1997 22:44:20 +0000
From: James Raynard
To: Brandon Gillespie
Cc: freebsd-hackers@freebsd.org
Subject: Re: Suggested addition to /etc/security

On Thu, Oct 30, 1997 at 10:18:37AM -0700, Brandon Gillespie wrote:
> I'm not sure if /etc/security is a good place for it, but I think it would
> be a good idea to add this check (at least once a week) to somewhere:
>
> -------------------------------------------------
> echo "checking for invalid user or group ids:"
>
> find / -nouser -nogroup
> -------------------------------------------------

How about adding a check for processes run by non-existent users as
well, while we're on the subject? I've seen cases of people's login
sessions living on weeks or even months after they've left...

--
James Raynard, Edinburgh, Scotland. james@jraynard.demon.co.uk
http://www.freebsd.org/~jraynard/
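
One way to implement the process check suggested in the reply above, as an added example that is not part of the original message or of FreeBSD's /etc/security. The function names `orphan_procs` and `sample_check`, the sample accounts and the process list are constructed for illustration; the check assumes local accounts in a passwd(5)-format file, so users served only by NIS or another directory would be reported as missing.

```shell
#!/bin/sh
# Added example (not from the thread): list processes whose owner UID
# has no entry in a passwd(5)-format file.

# orphan_procs PASSWD_FILE
# stdin:  "uid pid command" lines, as printed by `ps -axo uid,pid,comm`
# stdout: the input lines whose uid is missing from field 3 of PASSWD_FILE
orphan_procs() {
    awk -v passwd="$1" '
        BEGIN {
            # Collect every UID that has a passwd entry.
            while ((getline line < passwd) > 0) {
                if (line ~ /^#/ || line == "") continue
                split(line, f, ":")
                known[f[3]] = 1
            }
            close(passwd)
        }
        # Requiring a numeric first field skips the ps header line.
        $1 ~ /^[0-9]+$/ && !($1 in known) { print $1, $2, $3 }
    '
}

# Constructed sample data: uid 1007 has been removed from passwd but
# still owns a login shell and an editor.
sample_check() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
daemon:*:1:1:Owner of many system processes:/root:/sbin/nologin
alice:*:1001:1001:Alice Example:/home/alice:/bin/sh
EOF
    orphan_procs "$tmp" <<'EOF'
  UID   PID COMMAND
    0     1 init
    1    88 portmap
 1001   412 mutt
 1007   530 tcsh
 1007   977 vi
EOF
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Live use on the running system (as root, to see every process):
#   ps -axo uid,pid,comm | orphan_procs /etc/passwd
```

Comparing numeric UIDs rather than login names avoids depending on how ps prints an owner it cannot resolve.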