Stephen Frost <[EMAIL PROTECTED]> writes:

> * Thomas Bushnell BSG ([EMAIL PROTECTED]) wrote:
>> Stephen Frost <[EMAIL PROTECTED]> writes:
>> > By knowing what the package uses the user for.  This is somewhat akin to
>> > the PostgreSQL package's question "do you want your data files to be
>> > purged upon package removal", or the fact that the default Postgres
>> > installation uses ident and the 'postgres' user is the superuser for the
>> > database (meaning you're going to be su'ing to postgres probably a fair
>> > bit).
>> 
>> How do you know that the system administrator hasn't chowned a file to
>> that UID?
>
> Same way you know that the system administrator hasn't modified a file
> in /usr/bin.

Um, I know that by comparing the contents against a known-true
version.  How do I detect whether the system administrator has used a
UID?

Moreover, the consequences of getting the one wrong are that you
delete the sysadmin's changes.  The consequences of the other are an
important and difficult-to-detect security hole.

Thomas
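
One way to approximate the check asked about above, as an added example that is not part of the original message or of any Debian packaging tool: list the paths still owned by a UID before its account is removed, and find paths whose owner UID no longer has an account. The function names are hypothetical, and the scan sees only the one mounted filesystem it walks, so an empty result does not prove the UID is unused (backups, removable media and other hosts sharing the UID space are not covered).

```python
import os
import pwd


def walk_owners(root):
    """Yield (path, owner_uid) for root and everything below it.

    Symlinks are not followed and other mounted filesystems are not entered,
    so the result covers exactly one filesystem.
    """
    root_stat = os.lstat(root)
    yield root, root_stat.st_uid
    for dirpath, dirnames, filenames in os.walk(root):
        subdirs = set(dirnames)
        keep = []
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable while scanning
            if st.st_dev != root_stat.st_dev:
                continue  # mount point of another filesystem
            yield path, st.st_uid
            if name in subdirs:
                keep.append(name)
        dirnames[:] = keep  # descend only into directories that were kept


def files_owned_by(root, uid):
    """Paths under root still owned by uid; check before removing the account."""
    return sorted(path for path, owner in walk_owners(root) if owner == uid)


def orphaned_files(root, known_uids=None):
    """Map every owner UID without an account to the paths it owns."""
    if known_uids is None:
        # Accounts visible through the passwd database on this host.
        known_uids = {entry.pw_uid for entry in pwd.getpwall()}
    orphans = {}
    for path, owner in walk_owners(root):
        if owner not in known_uids:
            orphans.setdefault(owner, []).append(path)
    return orphans


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for uid, paths in sorted(orphaned_files(target).items()):
        print(f"uid {uid} has no account but owns {len(paths)} path(s), e.g. {paths[0]}")
```

Paths reported by `orphaned_files` are the ones that would silently pass to whichever account is next assigned that UID.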

