1 |
>>>>> On Wed, 07 Aug 2019, Michał Górny wrote: |
2 |
|
3 |
> On Tue, 2019-08-06 at 13:41 +0200, Jaco Kroon wrote: |
4 |
>> Attaching. It seems for some reason if I inline the patches they don't |
5 |
>> come through. If I mail to myself only it works just fine. |
6 |
|
7 |
> Actually, I think it should be changed the other way around. |
8 |
|
9 |
enewuser() checks for EUID being 0 before it even enters that code. |
10 |
So you can only create the root user if you are the root user already. |
11 |
|
12 |
> I don't see any reason to prohibit having a user/group package for |
13 |
> root. |
14 |
|
15 |
Is creation of (additional) users with UID 0 a good idea from a |
16 |
security point of view? Maybe it is better to explicitly forbid it? |
17 |
|
18 |
Ulrich |