Date: Mon, 2 Jun 2003 11:49:08 -0400
From: "Troy Settle" <troy@psknet.com>
To: "'Mark Sergeant'" <msergeant@snsonline.net>, "'Wolfpaw - Dale Corse'" <admin-lists@wolfpaw.net>
Cc: security@freebsd.org
Subject: RE: quick poppassd question
Message-ID: <001b01c3291e$80b3ca90$23fbab3f@psknet.com>
In-Reply-To: <1054567925.17084.7.camel@xyzzy.wireless.snsonline.net>

Perhaps someone can shed more light on the subject, but it's my impression
that most system processes run with a UID/GID under 100. So a uid < 100
should deny the change request.

Then again, in this day and age, isn't it advisable to do away with system
accounts for users? On most of my boxes, there are exactly 2 passwords in
the passwd file: one for my ssh access and another so I can su to root.

On the one box that does have system accounts for users, they can use
/usr/bin/passwd directly.

All 4.2k users on my system authenticate from a MySQL database for mail and
ftp access.

--
Troy Settle
Pulaski Networks
http://www.psknet.com
540.994.4254 - 866.477.5638

> -----Original Message-----
> From: owner-freebsd-isp@freebsd.org
> [mailto:owner-freebsd-isp@freebsd.org] On Behalf Of Mark Sergeant
> Sent: Monday, June 02, 2003 11:32 AM
> To: Wolfpaw - Dale Corse
> Cc: Support; isp@freebsd.org; security@freebsd.org
> Subject: RE: quick poppassd question
>
>
> Could we maybe drop it to 200ish as I know of many cases where uid's
> aren't > 1000 for standard users.
>
> On Tue, 2003-06-03 at 01:33, Wolfpaw - Dale Corse wrote:
> > looks good to me :)
> >
> > D.
> > --------------------------------
> > Dale Corse
> > System Administrator
> > Wolfpaw Services Inc.
> > http://www.wolfpaw.net
> > (780) 474-4095
> >
> > > -----Original Message-----
> > > From: owner-freebsd-isp@freebsd.org
> > > [mailto:owner-freebsd-isp@freebsd.org]On Behalf Of Support
> > > Sent: Monday, June 02, 2003 5:04 AM
> > > To: security@freebsd.org
> > > Cc: isp@freebsd.org
> > > Subject: quick poppassd question
> > >
> > >
> > > Hello,
> > >
> > > I did a quick change to the patched port of poppassd and am
> > > wondering if you think my code would introduce any potential
> > > problems.
> > >
> > > The idea is right after we check if the username exists, also
> > > check if the UID of that username is over 1000. I wanted to make
> > > sure that no one monkeys around with privileged users once
> > > poppassd is running.
> -snip-
>
> --
> Mark Sergeant <msergeant@snsonline.net>
> SNSOnline Technical Services
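The check discussed in this thread (resolve the username, then refuse the change for low UIDs), written out as an added example in C; it is not the poppassd patch from the original post, which is snipped above. The function and constant names are hypothetical, the floor is the "over 1000" rule from the first message, and the ceiling is an assumption added here because a floor-only test would let through high-numbered system accounts such as FreeBSD's `nobody` (UID 65534).

```c
/* Added example; not the poppassd patch discussed in the thread. */
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>

/* Assumed bounds. The floor is the "over 1000" rule from the first message
 * (100 and ~200 are also proposed). The ceiling is an assumption added here
 * so high-numbered system accounts (FreeBSD "nobody" is 65534) stay denied. */
#define UID_FLOOR   ((uid_t)1000)
#define UID_CEILING ((uid_t)60000)

enum pw_policy { PW_ALLOW, PW_DENY_NOUSER, PW_DENY_UID, PW_DENY_ERROR };

/* Policy decision on an already-resolved passwd entry. */
enum pw_policy uid_policy(const struct passwd *pw)
{
    if (pw == NULL)
        return PW_DENY_NOUSER;
    /* uid_t is unsigned on FreeBSD and Linux, so (uid_t)-1 is a huge value:
     * check both ends of the range explicitly. */
    if (pw->pw_uid <= UID_FLOOR || pw->pw_uid > UID_CEILING)
        return PW_DENY_UID;
    return PW_ALLOW;
}

/* Resolve the name, then apply the policy; lookup errors fail closed. */
enum pw_policy may_change_password(const char *user)
{
    struct passwd *pw;

    if (user == NULL || *user == '\0')
        return PW_DENY_NOUSER;
    errno = 0;
    pw = getpwnam(user);
    if (pw == NULL)
        return errno != 0 ? PW_DENY_ERROR : PW_DENY_NOUSER;
    return uid_policy(pw);
}

int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++)
        printf("%s: %s\n", argv[i],
               may_change_password(argv[i]) == PW_ALLOW ? "allowed" : "denied");
    return 0;
}
```

Whatever the reason for a denial, the daemon should answer the client with the same failure response, so the check does not reveal which accounts exist or which are privileged.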