Re: Hearing the truth??

From: Steve Barnet (barnet_at_chem.wisc.edu)
Date: 02/18/04

    To: focus-sun@securityfocus.com
    Date: Wed, 18 Feb 2004 13:25:01 -0600
    
    

    Hi Brennan,

    > All:
    >
    > I've got an interesting situation at the office I could use some advice
    > on. I'm being asked from a security perspective whether the following
    > statement (made by our Unix admins) could be considered true:
    >
    > "The only way you can delete a user account on a unix environment is to
    > write a series of scripts to eliminate file associations."

    This depends upon what you mean by deleting a user account. If
    removing login access to the system is all you're looking to achieve,
    then it can be a fairly simple matter - deleting the entries
    in /etc/passwd and /etc/shadow (or the corresponding tables in
    NIS/NIS+ domains) is enough to remove the accounts.

    If you mean make sure that they have no further access, then this
    needs to be extended to look for things like .rhosts, .shosts,
    SSH-RSA authentication, /etc/hosts.equiv (!!?) and/or other
    sorts of trust relationships.

    If you mean removing all resource consumption, then you need
    to look for any/all files owned by the user and delete/archive
    them in addition to the above.

    So, from an immediate security perspective you're probably
    looking at:

    1) Locking or removing the account from authentication DBs (passwd/shadow)
    2) Removing any "trust files": hosts.equiv, .rhosts, .shosts, etc.
    3) Removing any crontabs or at jobs
    4) Making sure they have no running processes on the system (no
       back doors left open).

    There are probably others that I'm sure I'll be reminded of :-)

    userdel (1M) - can take care of chunks of this (removing account
    and deleting home directory), but the others require admin
    intervention.

    I'm not sure whether there are commercial tools that address
    all of those issues.

    Best,

    ---Steve
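
The four checks listed in the message above, sketched as a read-only audit script. This is an added example, not part of the original post; the function name, the Solaris-style spool paths, and the rule that a shadow field starting with `*` or `!` means "locked" are assumptions, and NIS/NIS+ maps are not consulted.

```shell
#!/bin/sh
# Read-only audit of what a departed user can still reach on one host.
# ROOT is a path prefix ("" = live system) so a mounted image can be checked.
# Assumptions: Solaris-style spool paths; '*' or '!' prefix marks a locked hash.
audit_user_residue() {
    root=$1 user=$2
    pw=$(awk -F: -v u="$user" '$1 == u { print $3 ":" $6 }' \
        "$root/etc/passwd" 2>/dev/null)
    uid=${pw%%:*} home=${pw#*:}

    # 1) Authentication databases (local files only, NIS/NIS+ not consulted)
    if [ -n "$pw" ]; then echo "auth:passwd entry present"; fi
    if awk -F: -v u="$user" '$1 == u && $2 !~ /^[*!]/ { hit = 1 }
            END { exit !hit }' "$root/etc/shadow" 2>/dev/null; then
        echo "auth:shadow entry not locked"
    fi

    # 2) Trust files: hosts.equiv matters for any account that still exists
    if [ -n "$pw" ] && [ -s "$root/etc/hosts.equiv" ]; then
        echo "trust:/etc/hosts.equiv"
    fi
    if [ -n "$home" ]; then
        for t in .rhosts .shosts .ssh/authorized_keys; do
            if [ -s "$root$home/$t" ]; then echo "trust:$home/$t"; fi
        done
    fi

    # 3) Scheduled jobs: crontab by name, at jobs by file owner (numeric uid)
    if [ -s "$root/var/spool/cron/crontabs/$user" ]; then echo "cron:crontab"; fi
    if [ -n "$uid" ] && [ -d "$root/var/spool/cron/atjobs" ]; then
        find "$root/var/spool/cron/atjobs" -type f -user "$uid" | sed 's|.*/|at:|'
    fi

    # 4) Running processes, only meaningful on the live system
    if [ -z "$root" ]; then
        ps -o pid= -u "$user" 2>/dev/null | sed 's/^ *//; s/^/proc:/'
    fi
    return 0
}

# Usage on the live host (as root): sh audit.sh username
if [ "$#" -gt 0 ]; then audit_user_residue "" "$1"; fi
```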

