Subject: Re: User operator under Red Hat 6.2
From: Kurt Seifried (listuserSEIFRIED.ORG)
Date: Wed Oct 04 2000 - 18:02:43 CDT


> It's not necessarily a bug but is a big problem when you install Red Hat 6.2 and one
> user different to root has guid root, even worse if you don't know it.
>
> User: operator
> Home : /root (oops! same home as root, same bash history!)
> Main group: root
>
> (Maybe you find the operator user useful but maybe you must change its home,
> also you must think about that in a dictionary attack there are two roots to find)
>
> If you find some PAM message with a remote change password to operator
> be careful, maybe you must look in root history for not-normal activity
>
> Have a nice IT day
>
> Diego García

Argh. Also in Red Hat 7.0:

uid=11(operator) gid=0(root) groups=0(root)

Using find, I couldn't find any files owned by operator, using grep I
couldn't find anything in etc that mentioned the operator user (beyond the
password files). It appears safe to remove the user:

userdel operator

At least nothing has broken so far =). Gratuitous root accounts are rather
annoying. Red Hat 7.0 also ships sudo, so there's a better solution
available.

Kurt Seifried - seifriedsecurityportal.com
SecurityPortal, your focal point for security on the net.
http://www.securityportal.com/
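
An added example, not part of the original messages: a small audit for the condition discussed in this thread, listing non-root accounts whose primary group is gid 0 or whose home directory is the same as root's. The function names and the sample passwd entries are constructed for illustration; only the operator account's uid, gid and home come from the thread.

```shell
#!/bin/sh
# Flag non-root accounts that have gid 0 as primary group or share root's home.

# sample_passwd: constructed passwd-format input (not copied from a real system).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
operator:x:11:0:operator:/root:
alice:x:500:500::/home/alice:/bin/bash
EOF
}

# audit_passwd FILE
# Prints one line per flagged account: name:uid:gid:home:reasons
audit_passwd() {
    awk -F: '
        # Skip blank lines, comments and NIS compat (+/-) entries.
        /^[[:space:]]*$/ || /^[#+-]/ { next }
        {
            n++
            name[n] = $1; uid[n] = $3; gid[n] = $4; home[n] = $6
            # Remember the home directory of the first uid 0 entry.
            if ($3 == "0" && roothome == "") roothome = $6
        }
        END {
            for (i = 1; i <= n; i++) {
                if (uid[i] == "0") continue   # uid 0 entries are root itself
                why = ""
                if (gid[i] == "0") why = "gid0"
                if (roothome != "" && home[i] == roothome)
                    why = (why == "" ? "" : why ",") "shares-root-home"
                if (why != "")
                    printf "%s:%s:%s:%s:%s\n", name[i], uid[i], gid[i], home[i], why
            }
        }
    ' "$1"
}

# Run against a file given on the command line, e.g. /etc/passwd.
if [ "$#" -gt 0 ]; then
    audit_passwd "$1"
fi
```

Before removing a flagged account, repeat the checks from the reply above: look for files it owns (`find / -user operator`) and for references to it under /etc.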