Re: [Tiger-devel] [PATCH] Minor update to acc014f message.

[Ryan Bradetich]

On Tue, 2003-07-01 at 04:31, Javier Fernandez-Sanguino wrote:
> > 
> >     * replaced $uid and $homedir with hardcoded values 0 and / since it the
> > only way this message is called is if those are true.
> 
> I wouldn't change that. Now that I reread the code it does not make much 
> sense to restrict the uid. No user should have as home directory '/' 
> should it?

Some of the administrative users might have '/' as their home directory.

i.e.  
        These Debian Logins use '/' for the home directory
                telnetd

        These RedHat Logins use '/' for the home directory
                nobody
                rpc
                ident           

Maybe we just need to make sure the uid > Tiger_Account_Trust?  Or not
listed in the Tiger_Admin_Accounts.  Or we could just fix the accounts
:)

I think this will be a good check overall, just making sure we get the
details right.

> Also, changing it does simplify the code but makes it difficult to copy 
> & paste if we want a new check (with different UID/homedir but similar 
> meesage).
> 
> In any case, it maybe should be:
> 
>      # Check for user's home directory, warn if it's / and if it's root
>      # then fail
>      if [ "$homedir" = "/" ] ; then
>          if [ "$uid" = 0 ] ; then
>          message FAIL acc014f '' "Login ID $user (UID-$uid) has $homedir 
> for their home directory"
>          else
>       message WARN acc01Xw '' "Login ID $user (UID-$uid) has $homedir for 
> their home directory"
>          fi
>       fi
> 
> This message could be easily copy & pasted if we wanted to check, say 
> /var/www in the future for users =/= www (let's say it's uid 100). Sample:
> 
>       [ "$uid" != 100 -a "$homedir" = "/var/www" ] &&
>          message FAIL acc0XXf '' "Login ID $user (UID-$uid) has $homedir 
> for their home directory"
> 
> Don't you think?

This works good for me!

Thanks,

- Ryan