Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Curt Sampson (cjscynic.net)
Date: Thu Mar 22 2007 - 00:42:59 CDT
Well, if the reports are reporting as a security issue something you did
intentionally that's not a security issue (for you), then they're not
But this seems pretty simple to resolve. Due to the root/toor thing, we
already have special-case code to deal with a duplicate user account
(and even a comment saying how you can enable or disable it). Just
changing the script to ignore a list of "ok duplicate user IDs" pulled
from a variable in /etc/security.conf, with 1 as the default value,
would fix this in quite a nice way.
Curt Sampson <cjscynic.net> +81 90 7737 2974
The power of accurate observation is commonly called cynicism
by those who have not got it. --George Bernard Shaw
On Wed, 21 Mar 2007, Jukka Salmi wrote:
> to prevent login troubles in in case of shell problems I added another
> entry to the password file, reusing my main user accounts UID, GID,
> etc. but specifying another shell (/bin/sh); this setup imitates what
> toor does for the root account.
> This works fine. However, /etc/security now reports:
> /etc/master.passwd has duplicate user id's.
> jukka 1010 akkuj 1010
> Checking home directories.
> user akkuj home directory is owned by jukka
> Checking dot files.
> user akkuj .cshrc file is owned by jukka
> user akkuj .k5login file is owned by jukka
> Hmm, while these reports are correct (of course), I wonder if there's
> really a problem with such a setup. In case there's not /etc/security
> should probably be fixed.
> Any comments?
> TIA, Jukka