Re: local user get created magically ! system hacked ?

On 12/03/2013 02:08 PM, Jehan Procaccia issued this missive:
> Hello,
> I use about a hundred Fedora 19 stations in computer labs at our school.
> User accounts come from an LDAP directory and the homedir is
> automounted via NFS.
> However, recently I noticed that on some stations, local user accounts
> had been created!
> Looking at the log file, I discovered in /var/log/secure something like
> this:
>
> accounts-daemon: request by system-bus-name ::1.733 [/usr/libexec/gnome-initial-setup pid:15259 uid:991]: create user 'foobar'
> useradd[29724]: new group: name=foobar, GID=1001
> secure-20131117:Nov 15 17:16:43 b3-4 useradd[29724]: new user: name=susana, UID=1001, GID=1001, home=/home/susana, shell=/bin/bash
> secure-20131117:Nov 15 17:16:43 b3-4 useradd[29724]: add 'susana' to group 'wheel'
> secure-20131117:Nov 15 17:16:43 b3-4 useradd[29724]: add 'susana' to shadow group 'wheel'
>
> Scary! How come gnome-initial-setup could create users, and moreover
> add them to the wheel group?
> Could it be a bug in gnome-initial-setup, a feature side effect, or
> our students found a "back door"?
> Any suggestion greatly appreciated.

The system does want a local "administrator" account--one that's not
dependent on the network (and hence LDAP) being available.

Normally the first-boot mechanism would create the "administrator"
account once you've installed the system, but the username doesn't have
to be "administrator" or "admin". It can be any name you want and this
first user will be given administrator privileges (group "wheel"). The
fact that the log entries indicate that this was done by
"gnome-initial-setup" and the user was added to group "wheel" indicates
that's exactly what happened.

It could be that someone ran "gnome-initial-setup" manually. It's
supposed to unlink from the systemd startup once it's complete, but I
guess it could be run manually.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    ricks@xxxxxxxxxxxxxx -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-      Always remember you're unique, just like everyone else.       -
----------------------------------------------------------------------