Re: list users


 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Jan 15, 2003 at 06:18:36PM +0000, Rui Miguel Seabra wrote:
> On Wed, 2003-01-15 at 17:50, Derek Martin wrote:
> > On Wed, Jan 15, 2003 at 05:40:20PM +0000, Rui Miguel Seabra wrote:
> > >   or, if you want only the 'normal' users:
> > >   awk 'BEGIN {FS=":"} $3>=500 {print $1}' < /etc/passwd
> > There are only two kinds of users on a Unix system: root, and not
> > root.  All users other than root are "normal" users, even if they
> I humbly point to the single quotes around normal.
> 
> Ease up dude, this *is* a redhat distribution mailing list. :)
> 
> Hugs,

<grin>

Well, I didn't mean to seem overbearing...  But even though this is a
Red Hat mailing list, I do think it's worth pointing this out.  Many
people new to Red Hat have come from other environments (like
Windows), or may move to other distributions (like Debian) in the
future; these environments behave differently, with varying degrees of
subtlety.

I've come across a number of people, perhaps accustomed to users with
different privilege levels from Windows environments, who do think
that there is something special about system accounts.  There really
is no difference between those and regular user accounts, generally
speaking.  On Unix systems, a system account is no different from a
user account.  Compromising that user only gets you access to the
resources accessible by that user, whether it's a system account, or a
user account.  What makes root different is that compromising it gets
you access to ALL resources on the system.

Historically, before people started to better understand how to deal
with privilege separation, and to avoid privilege escalation,
compromising a Unix "system" account might have gotten you access to
other users' files.  For example, getting GID mail might let you
read the mail of everyone on the system.  This tends to be a lot less
true, now that people writing network services better understand
privilege separation, and the consequences of not using it.  In the
example above, with modern mail delivery agents, mail spool files are
generally no longer group-owned by the mail group, so getting GID mail
won't get you access to the users' mail spools.

This is in contrast to Windows, where compromising a system account
is much more likely to result in access to many users' resources, and
often leads to easily gaining even more elevated privileges.

- -- 
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0xDFBEAD02

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE+JbUqHEnASN++rQIRAk7YAJ4vpx4tCL/sSGyhyEteDnmQbZU3DQCfeDgU
avZjrdbZIkcOs6O4LTw4SgI=
=s3Yn
-----END PGP SIGNATURE-----



-- 
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list
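
An added example, not part of the original message or thread: a small audit that makes the distinction discussed above concrete. It reports every UID 0 account, labels the rest by the 500 threshold used in the quoted awk command, and finds mail spool files that are group-readable. The function names and the sample passwd data are constructed for illustration.

```shell
#!/bin/sh
# Added example. SAMPLE_PASSWD is constructed data, not taken from a real host.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
toor:x:0:0:second superuser:/root:/bin/sh
alice:x:500:500:Alice:/home/alice:/bin/bash
nobody:x:99:99:Nobody:/:/sbin/nologin'

# superusers FILE: every account name with UID 0. The kernel grants full
# privilege by UID, not by name, so each of these is equivalent to root.
superusers() {
    awk -F: 'NF >= 7 && $3 == 0 {print $1}' "${1:-/etc/passwd}"
}

# classify FILE [UID_MIN]: label each account. Only "superuser" is a privilege
# boundary; system-range vs login-range is a numbering convention (500 here).
classify() {
    awk -F: -v min="${2:-500}" '
        /^#/ || NF < 7 { next }              # skip comments and malformed lines
        $3 == 0   { print $1 ":superuser";   next }
        $3 >= min { print $1 ":login-range"; next }
                  { print $1 ":system-range" }' "${1:-/etc/passwd}"
}

# group_readable_spools DIR: spool files whose group has read access, the
# condition under which holding a shared GID such as mail exposes other users.
group_readable_spools() {
    find "$1" -type f -perm -040
}

# Demonstration on the constructed sample.
demo_file=$(mktemp)
printf '%s\n' "$SAMPLE_PASSWD" > "$demo_file"
echo "UID 0 accounts:"; superusers "$demo_file"
echo "Classification:"; classify "$demo_file"
rm -f "$demo_file"
```

Called without a file argument, `superusers` and `classify` read `/etc/passwd`; `group_readable_spools` takes the spool directory to inspect.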
