On Wed, Jan 15, 2003 at 06:18:36PM +0000, Rui Miguel Seabra wrote:
> On Wed, 2003-01-15 at 17:50, Derek Martin wrote:
> > On Wed, Jan 15, 2003 at 05:40:20PM +0000, Rui Miguel Seabra wrote:
> > > or, if you want only the 'normal' users:
> > > awk 'BEGIN {FS=":"} $3>=500 {print $1}' < /etc/passwd
> >
> > There are only two kinds of users on a Unix system: root, and not
> > root. All users other than root are "normal" users, even if they
>
> I humbly point to the single quotes around normal.
>
> Ease up dude, this *is* a redhat distribution mailing list. :)
>
> Hugs,

<grin> Well, I didn't mean to seem overbearing... But even though this is a Red Hat mailing list, I do think it's worth pointing this out. Many people new to Red Hat have come from other environments (like Windows), or may move to other distributions (like Debian) in the future; these environments behave differently, with varying degrees of subtlety.

I've come across a number of people, perhaps accustomed to users with different privilege levels from Windows environments, who do think that there is something special about system accounts. There really is no difference between those and regular user accounts, generally speaking.

On Unix systems, a system account is no different from a user account. Compromising that user only gets you access to the resources accessible by that user, whether it's a system account, or a user account. What makes root different is that compromising it gets you access to ALL resources on the system.

Historically, before people started to better understand how to deal with privilege separation, and to avoid privilege escalation, compromising a Unix "system" account might have gotten you access to other users' files. For example, getting GID mail might let you read the mail of everyone on the system. This tends to be a lot less true, now that people writing network services better understand privilege separation, and the consequences of not using it. In the example above, with modern mail delivery agents, mail spool files are generally no longer group-owned by the mail group, so getting GID mail won't get you access to the users' mail spools.

This is in contrast to Windows, where compromising a system account is much more likely to result in access to many users' resources, and often leads to easily gaining even more elevated privileges.

--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0xDFBEAD02

--
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list
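
The distinction drawn in the message above, as an added example that is not part of the original post: it applies the standard Unix owner/group/other read check to two spool layouts, one group-owned by mail and one not, to show what each account can reach. The passwd entries, UID/GID numbers, file modes and the names `LEGACY` and `MODERN` are constructed for illustration and describe no real system.

```python
import stat

# Constructed passwd-format sample (not taken from a real system).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
alice:x:500:500::/home/alice:/bin/bash
bob:x:501:501::/home/bob:/bin/bash
"""

def parse_passwd(text):
    """Return {name: (uid, primary_gid)} from passwd-format text."""
    users = {}
    for line in text.splitlines():
        f = line.split(":")
        if len(f) >= 4 and not line.startswith("#"):
            users[f[0]] = (int(f[2]), int(f[3]))
    return users

def can_read(uid, gids, f_uid, f_gid, mode):
    """Classic Unix DAC read check: only the first matching class applies."""
    if uid == 0:
        return True                      # root bypasses the permission bits
    if uid == f_uid:
        return bool(mode & stat.S_IRUSR)
    if f_gid in gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)

def readable_spools(account, users, spools):
    """Names of spool files the account can read (primary group only)."""
    uid, gid = users[account]
    return sorted(n for n, (fu, fg, m) in spools.items()
                  if can_read(uid, {gid}, fu, fg, m))

# Two constructed spool layouts: {file: (owner_uid, group_gid, mode)}.
# LEGACY: spools group-owned by mail (GID 12 here) and group-readable.
LEGACY = {"alice": (500, 12, 0o660), "bob": (501, 12, 0o660)}
# MODERN: spools owned by the user and the user's own group, mode 0600.
MODERN = {"alice": (500, 500, 0o600), "bob": (501, 501, 0o600)}

if __name__ == "__main__":
    users = parse_passwd(PASSWD)
    for label, spools in (("legacy", LEGACY), ("modern", MODERN)):
        for name in users:
            print(label, name, readable_spools(name, users, spools))
```

The UID of the `mail` account plays no part in the result: in the legacy layout it reads every spool only because the files grant group read to its GID, and in the modern layout it reads none, while root reads all of them in both.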