Re: why is the nobody account password-protected?
From: Bill Unruh (unruh_at_string.physics.ubc.ca)
Date: 07/22/04
- Previous message: rockwell: "encrypt a message"
- In reply to: Kevin Rodgers: "why is the nobody account password-protected?"
- Next in thread: Lew Pitcher: "OT: Bill, was that you in the Thursday Toronto Star?"
- Reply: Lew Pitcher: "OT: Bill, was that you in the Thursday Toronto Star?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 22 Jul 2004 21:02:17 GMT
Kevin Rodgers <ihs_4664@yahoo.com> writes:
]On Solaris and GNU/Linux at least, the nobody account has a single
]character password -- why? I think it'd make sense to allow any user
]to `su nobody` to safely run risky commands without any priveleges.
A sinle letter either means the password is in /etc/shadow, or noone is
allowed to use that account. It is for use onlyby root.
I think it would be a bad idea to let others use it.
Any user without a password is a HUGE security risk. Youmay assume that a
cracker wh signs on that user will have root. I do not care what the
priviledge level of hte account is.
- Previous message: rockwell: "encrypt a message"
- In reply to: Kevin Rodgers: "why is the nobody account password-protected?"
- Next in thread: Lew Pitcher: "OT: Bill, was that you in the Thursday Toronto Star?"
- Reply: Lew Pitcher: "OT: Bill, was that you in the Thursday Toronto Star?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
