On 12/03/2013 02:08 PM, Jehan Procaccia issued this missive:
hello
I use about a hundred fedora19 stations in computer labs at our school
users accounts comes from an ldap directory and the homedir is
automounted via NFS.
However, recently I noticed that on some stations, local user account
had been created !
looking at the log file, I discovered in /var/log/secure something like
this:
/accounts-daemon: request by system-bus-name ::1.733
[/usr/libexec/gnome-initial-setup pid:15259 uid:991]: create user 'foobar'//
//useradd[29724]: new group: name=foobar, GID=1001//
//secure-20131117:Nov 15 17:16:43 b3-4 useradd[29724]: new user:
name=susana, UID=1001, GID=1001, home=/home/susana, shell=/bin/bash//
//secure-20131117:Nov 15 17:16:43 b3-4 useradd[29724]: add 'susana' to
group 'wheel'//
//secure-20131117:Nov 15 17:16:43 b3-4 useradd[29724]: add 'susana' to
shadow group 'wheel'/
Scary ! how comes gnome-initial-setup could create users, and morever
add them to the wheel group !
could it be a bug in /gnome-initial-setup , /a feature side effect ? or
our students found a "back door" ?
any suggestion greatly appreciated .
The system does want a local "administrator" account--one that's not
dependent on the network (and hence LDAP) being available.
Normally the first-boot mechanism would create the "administrator"
account once you've installed the system, but the username doesn't have
to be "administrator" or "admin". It can be any name you want and this
first user will be given administrator privileges (group "wheel"). The
fact that the log entries indicate that this was done by "gnome-initial-
setup" and the user was added to group "wheel" indicates that's exactly
what happened.
It could be that someone ran gnome-initial-setup" manually. It's
supposed to unlink from the systemd startup once it's complete, but I
guess it could be run manually.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital ri...@alldigital.com -
- AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 -
- -
- Always remember you're unique, just like everyone else. -
----------------------------------------------------------------------
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
