From owner-freebsd-hackers  Sat Nov  1 11:59:40 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id LAA04590
          for hackers-outgoing; Sat, 1 Nov 1997 11:59:40 -0800 (PST)
          (envelope-from owner-freebsd-hackers)
Received: from mail.cs.tu-berlin.de (root@mail.cs.tu-berlin.de [130.149.17.13])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id LAA04584
          for <freebsd-hackers@FreeBSD.ORG>; Sat, 1 Nov 1997 11:59:37 -0800 (PST)
          (envelope-from wosch@cs.tu-berlin.de)
Received: from panke.panke.de (anonymous233.ppp.cs.tu-berlin.de [130.149.17.233])
	by mail.cs.tu-berlin.de (8.8.6/8.8.7) with ESMTP id UAA07262;
	Sat, 1 Nov 1997 20:44:17 +0100 (MET)
Received: (from wosch@localhost) by panke.panke.de (8.8.5/8.6.12) id TAA01578; Sat, 1 Nov 1997 19:07:37 +0100 (MET)
To: Brandon Gillespie <brandon@roguetrader.com>
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: Suggested addition to /etc/security
References: <Pine.BSF.3.96.971030101513.521A-100000@roguetrader.com>
From: Wolfram Schneider <wosch@cs.tu-berlin.de>
Date: 01 Nov 1997 19:07:34 +0100
In-Reply-To: Brandon Gillespie's message of Thu, 30 Oct 1997 10:18:37 -0700 (MST)
Message-ID: <p1iu3dwqyhl.fsf@panke.panke.de>
Lines: 35
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk


Done. -Wolfram

wosch       1997/11/01 07:03:06 PST

  Modified files:
    etc/periodic/weekly  Makefile 
  Added files:
    etc/periodic/weekly  340.noid 
  Log:
  Check for files belongs to an unknown user or unknown group.
  Do not run by default.

Brandon Gillespie <brandon@roguetrader.com> writes:
> I'm not sure if /etc/security is a good place for it, but I think it would
> be a good idea to add this check (at least once a week) to somewhere:
> 
> -------------------------------------------------
> echo "checking for invalid user or group ids:"
> 
> find / -nouser -nogroup
> -------------------------------------------------
> 
> I have users come and go a lot, and some are in projects, so their files
> can be scattered around the filesystem--not just in their home directory.
> I've added this to my security check, and it helps me to keep on top of
> things.
> 
> Since (I think?) the default action of 'pw' and most other user add
> programs is to reuse ids, this is also a security concern..
> 
> -Brandon Gillespie

-- 
Wolfram Schneider   <wosch@apfel.de>   http://www.apfel.de/~wosch/