| 1 |
>>>>> On Wed, 07 Aug 2019, Michał Górny wrote: |
| 2 |
|
| 3 |
> On Tue, 2019-08-06 at 13:41 +0200, Jaco Kroon wrote: |
| 4 |
>> Attaching. It seems for some reason if I inline the patches they don't |
| 5 |
>> come through. If I mail to myself only it works just fine. |
| 6 |
|
| 7 |
> Actually, I think it should be changed the other way around. |
| 8 |
|
| 9 |
enewuser() checks for EUID being 0 before it even enters that code. |
| 10 |
So you can only create the root user if you are the root user already. |
| 11 |
|
| 12 |
> I don't see any reason to prohibit having a user/group package for |
| 13 |
> root. |
| 14 |
|
| 15 |
Is creation of (additional) users with UID 0 a good idea from a |
| 16 |
security point of view? Maybe it is better to explicitly forbid it? |
| 17 |
|
| 18 |
Ulrich |
Archives