On Wed, Oct 26, 2005 at 06:29:57PM +0200, Andreas Barth wrote: > > Problem being, if daemons don't remove their (supposedly exclusive-use) > > accounts, you can end in two years with 100 unnecessary accounts in a > > workstation. > > How many daemon packages do you install in two years? I even doubt that > we have 100 packages that add accounts at all in debian.
Sorry, you'll have to clear up your facts first. How about doing this:
{
lynx -dump -nolist \
http://lintian.debian.org/reports/Tmaintainer-script-needs-depends-on-adduser.html
| \
perl -ne 'print $1."\n" if /W: (.*?): /'
grep-available -sPackage -FPre-Depends,Depends adduser | awk '{print $2}'
} | wc -l
( I already posted this recipe in the thread, BTW )
That's 187 packages by my count, and might not cover all cases. Now, we have
a limit of 400 system uids in our current setting (499-100+1, see
adduser.conf) and, from what I'm seeing as part of my security audit work,
*many* *more* packages should be creating system users to run daemons as
low-priviledged users instead of running as root.
So, over 100 currently, and not an issue right now but might be in the future.
Javier
signature.asc
Description: Digital signature
