On 12/03/2013 11:47 PM, Michael Schwendt issued this missive:
> On Tue, 03 Dec 2013 23:08:04 +0100, Jehan Procaccia wrote:
> > Hello,
> > I use about a hundred fedora19 stations in computer labs at our school.
> > User accounts come from an LDAP directory and the homedir is
> > automounted via NFS.
> > However, recently I noticed that on some stations, local user accounts
> > had been created!
> > Looking at the log file, I discovered in /var/log/secure something like
> > this:
> > accounts-daemon: request by system-bus-name ::1.733
> > [/usr/libexec/gnome-initial-setup pid:15259 uid:991]: create user 'foobar'
> > useradd[29724]: new group: name=foobar, GID=1001
> > secure-20131117:Nov 15 17:16:43 b3-4 useradd[29724]: new user:
> > name=susana, UID=1001, GID=1001, home=/home/susana, shell=/bin/bash
> > secure-20131117:Nov 15 17:16:43 b3-4 useradd[29724]: add 'susana' to
> > group 'wheel'
> > secure-20131117:Nov 15 17:16:43 b3-4 useradd[29724]: add 'susana' to
> > shadow group 'wheel'
> > Scary! How come gnome-initial-setup could create users, and moreover
> > add them to the wheel group!
> > Could it be a bug in gnome-initial-setup, a feature side effect? Or
> > our students found a "back door"?
> > Any suggestion greatly appreciated.
>
> See what running
> /usr/libexec/gnome-initial-setup --force-new-user
> does on one of your installed machines, where 'susana' has not been active
> before. Normally, it would prompt for the root password before creating a
> new account, but perhaps something else happens with your setup.
In the old days, a process called 'firstboot' was run immediately upon
the first boot after a fresh install. firstboot was responsible for a
number of things, but one of them was setting up the first user account
and adding it to the "wheel" group because it was expected to be the
administrator's account. firstboot never asked for the root password as
it assumed it was being run as part of the install process by a human
who installed the system and would already know the root password.
Hence, the first user account was, by default, an administrative
account in the wheel group who could sudo any command.

Once firstboot had been run, it disconnected itself from the boot
process by deleting a file in the root of the filesystem that an init
script looked for. If the file wasn't there, firstboot wouldn't run.

I don't run gnome (because it's so damned bloated), so I'm not sure what
gnome-initial-setup does, but I suspect it took its cues from the old
firstboot mechanism. If so, then what probably happened is that the
install process was interrupted after the OS was installed. Whoever did
the install did NOT go through the first boot. "susana" was probably the
first person to see the machine, booted it and got the first boot thing.
She added herself, not knowing exactly what this meant at the time. I
doubt she was being malicious.

These are just guesses, mind you, but seem to be a likely scenario.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital ricks@xxxxxxxxxxxxxx -
- AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 -
- -
- A day for firm decisions!!! Well, then again, maybe not! -
----------------------------------------------------------------------
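
A small log check for the situation discussed in this thread, added here as an example and not written by any of the posters: it scans /var/log/secure-style lines for accounts-daemon "create user" requests and useradd events, and reports locally created users that ended up in wheel. The function names, the ADMIN_GROUPS set and the sample lines (user 'alice', hosts lab-01 and lab-02) are constructed for illustration.

```python
import re

# Patterns modeled on the /var/log/secure lines quoted in the thread.
REQ = re.compile(r"accounts-daemon: request by system-bus-name \S+ "
                 r"\[(?P<prog>\S+) pid:\d+ uid:\d+\]: create user '(?P<user>[^']+)'")
NEW = re.compile(r"useradd\[\d+\]: new user: name=(?P<user>[^,]+), UID=(?P<uid>\d+)")
GRP = re.compile(r"useradd\[\d+\]: add '(?P<user>[^']+)' to (?:shadow )?group "
                 r"'(?P<group>[^']+)'")

ADMIN_GROUPS = {"wheel"}  # assumption: wheel is the only sudo-capable group

def local_account_events(lines):
    """Collect, per user name, who requested creation, the UID and the groups."""
    users = {}
    def rec(name):
        return users.setdefault(
            name, {"requested_by": None, "uid": None, "groups": set()})
    for line in lines:
        if m := REQ.search(line):
            rec(m["user"])["requested_by"] = m["prog"]
        elif m := NEW.search(line):
            rec(m["user"])["uid"] = int(m["uid"])
        elif m := GRP.search(line):
            rec(m["user"])["groups"].add(m["group"])
    return users

def admin_accounts(users):
    """Names of locally created users that were placed in an admin group."""
    return sorted(name for name, e in users.items()
                  if e["uid"] is not None and e["groups"] & ADMIN_GROUPS)

# Constructed sample input (not real logs), shaped like the excerpt in the thread.
SAMPLE = [
    "Nov 15 17:16:42 lab-01 accounts-daemon: request by system-bus-name ::1.733 "
    "[/usr/libexec/gnome-initial-setup pid:15259 uid:991]: create user 'alice'",
    "Nov 15 17:16:43 lab-01 useradd[29724]: new group: name=alice, GID=1001",
    "Nov 15 17:16:43 lab-01 useradd[29724]: new user: name=alice, UID=1001, "
    "GID=1001, home=/home/alice, shell=/bin/bash",
    "Nov 15 17:16:43 lab-01 useradd[29724]: add 'alice' to group 'wheel'",
    "Nov 15 17:16:43 lab-01 useradd[29724]: add 'alice' to shadow group 'wheel'",
    "Nov 16 09:02:10 lab-02 useradd[3011]: new user: name=svcbackup, UID=990, "
    "GID=990, home=/var/lib/svcbackup, shell=/sbin/nologin",
]

if __name__ == "__main__":
    found = local_account_events(SAMPLE)
    for name in admin_accounts(found):
        print(name, found[name]["uid"], "requested by", found[name]["requested_by"])
```

To run it against a real machine, pass the lines of /var/log/secure and its rotated copies instead of SAMPLE; on LDAP-backed lab stations any name it reports is a local account worth reviewing.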