[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Tiger-devel] [PATCH] Minor update to acc014f message.
From: |
Ryan Bradetich |
Subject: |
Re: [Tiger-devel] [PATCH] Minor update to acc014f message. |
Date: |
01 Jul 2003 08:14:52 -0600 |
On Tue, 2003-07-01 at 04:31, Javier Fernandez-Sanguino wrote:
> >
> > * replaced $uid and $homedir with hardcoded values 0 and / since it the
> > only way this message is called is if those are true.
>
> I wouldn't change that. Now that I reread the code it does not make much
> sense to restrict the uid. No user should have as home directory '/'
> should it?
Some of the administrative users might have '/' as their home directory.
i.e.
These Debian Logins use '/' for the home directory
telnetd
These RedHat Logins use '/' for the home directory
nobody
rpc
ident
Maybe we just need to make sure the uid > Tiger_Account_Trust? Or not
listed in the Tiger_Admin_Accounts. Or we could just fix the accounts
:)
I think this will be a good check overall, just making sure we get the
details right.
> Also, changing it does simplify the code but makes it difficult to copy
> & paste if we want a new check (with different UID/homedir but similar
> meesage).
>
> In any case, it maybe should be:
>
> # Check for user's home directory, warn if it's / and if it's root
> # then fail
> if [ "$homedir" = "/" ] ; then
> if [ "$uid" = 0 ] ; then
> message FAIL acc014f '' "Login ID $user (UID-$uid) has $homedir
> for their home directory"
> else
> message WARN acc01Xw '' "Login ID $user (UID-$uid) has $homedir for
> their home directory"
> fi
> fi
>
> This message could be easily copy & pasted if we wanted to check, say
> /var/www in the future for users =/= www (let's say it's uid 100). Sample:
>
> [ "$uid" != 100 -a "$homedir" = "/var/www" ] &&
> message FAIL acc0XXf '' "Login ID $user (UID-$uid) has $homedir
> for their home directory"
>
> Don't you think?
This works good for me!
Thanks,
- Ryan