* [Buildroot] [PATCH] Remove user "default"
@ 2014-06-05 8:30 Stephan Hoffmann
2014-06-05 17:20 ` Yann E. MORIN
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: Stephan Hoffmann @ 2014-06-05 8:30 UTC (permalink / raw)
To: buildroot
User "default" with no password has been around for long time, but not
used within buildroot. Since we now have BR2_ROOTFS_USERS_TABLES it is
no longer needed.
Signed-off-by: Stephan Hoffmann <sho@relinux.de>
---
system/device_table.txt | 1 -
system/skeleton/etc/group | 1 -
system/skeleton/etc/passwd | 1 -
system/skeleton/etc/shadow | 1 -
4 files changed, 4 deletions(-)
diff --git a/system/device_table.txt b/system/device_table.txt
index 7ae4b07..e15412d 100644
--- a/system/device_table.txt
+++ b/system/device_table.txt
@@ -10,7 +10,6 @@
/tmp d 1777 0 0 - - - - -
/etc d 755 0 0 - - - - -
/root d 700 0 0 - - - - -
-/home/default d 755 1000 1000 - - - - -
/var/www d 755 33 33 - - - - -
/etc/shadow f 600 0 0 - - - - -
/etc/passwd f 644 0 0 - - - - -
diff --git a/system/skeleton/etc/group b/system/skeleton/etc/group
index 85a1fa2..11d58ac 100644
--- a/system/skeleton/etc/group
+++ b/system/skeleton/etc/group
@@ -27,4 +27,3 @@ ftp:x:83
nobody:x:99:
nogroup:x:99:
users:x:100:
-default:x:1000:
diff --git a/system/skeleton/etc/passwd b/system/skeleton/etc/passwd
index ed7006a..8696954 100644
--- a/system/skeleton/etc/passwd
+++ b/system/skeleton/etc/passwd
@@ -13,4 +13,3 @@ dbus:x:81:81:dbus:/var/run/dbus:/bin/sh
ftp:x:83:83:ftp:/home/ftp:/bin/sh
nobody:x:99:99:nobody:/home:/bin/sh
sshd:x:103:99:Operator:/var:/bin/sh
-default:x:1000:1000:Default non-root user:/home/default:/bin/sh
diff --git a/system/skeleton/etc/shadow b/system/skeleton/etc/shadow
index 67b67c1..d5734d7 100644
--- a/system/skeleton/etc/shadow
+++ b/system/skeleton/etc/shadow
@@ -10,4 +10,3 @@ uucp:*:10933:0:99999:7:::
operator:*:10933:0:99999:7:::
ftp:*:10933:0:99999:7:::
nobody:*:10933:0:99999:7:::
-default::10933:0:99999:7:::
--
2.0.0.rc2
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH] Remove user "default"
2014-06-05 8:30 [Buildroot] [PATCH] Remove user "default" Stephan Hoffmann
@ 2014-06-05 17:20 ` Yann E. MORIN
2014-06-05 19:21 ` Nicholas Kulikov
2014-06-06 22:13 ` Peter Korsgaard
2 siblings, 0 replies; 5+ messages in thread
From: Yann E. MORIN @ 2014-06-05 17:20 UTC (permalink / raw)
To: buildroot
Stephan, All,
On 2014-06-05 10:30 +0200, Stephan Hoffmann spake thusly:
> User "default" with no password has been around for long time, but not
> used within buildroot. Since we now have BR2_ROOTFS_USERS_TABLES it is
> no longer needed.
>
> Signed-off-by: Stephan Hoffmann <sho@relinux.de>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Note a comment below...
Regards,
Yann E. MORIN.
> ---
> system/device_table.txt | 1 -
> system/skeleton/etc/group | 1 -
> system/skeleton/etc/passwd | 1 -
> system/skeleton/etc/shadow | 1 -
> 4 files changed, 4 deletions(-)
>
> diff --git a/system/device_table.txt b/system/device_table.txt
> index 7ae4b07..e15412d 100644
> --- a/system/device_table.txt
> +++ b/system/device_table.txt
> @@ -10,7 +10,6 @@
> /tmp d 1777 0 0 - - - - -
> /etc d 755 0 0 - - - - -
> /root d 700 0 0 - - - - -
> -/home/default d 755 1000 1000 - - - - -
> /var/www d 755 33 33 - - - - -
> /etc/shadow f 600 0 0 - - - - -
> /etc/passwd f 644 0 0 - - - - -
> diff --git a/system/skeleton/etc/group b/system/skeleton/etc/group
> index 85a1fa2..11d58ac 100644
> --- a/system/skeleton/etc/group
> +++ b/system/skeleton/etc/group
> @@ -27,4 +27,3 @@ ftp:x:83
> nobody:x:99:
> nogroup:x:99:
> users:x:100:
> -default:x:1000:
> diff --git a/system/skeleton/etc/passwd b/system/skeleton/etc/passwd
> index ed7006a..8696954 100644
> --- a/system/skeleton/etc/passwd
> +++ b/system/skeleton/etc/passwd
> @@ -13,4 +13,3 @@ dbus:x:81:81:dbus:/var/run/dbus:/bin/sh
> ftp:x:83:83:ftp:/home/ftp:/bin/sh
> nobody:x:99:99:nobody:/home:/bin/sh
> sshd:x:103:99:Operator:/var:/bin/sh
Should we make these system accounts no-login accounts, and set the set
their shells to /bin/false to prevent any latent issue?
For example, my distro's passwd has:
sshd:x:115:65534::/var/run/sshd:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
and shadow has:
sshd:*:15767:0:99999:7:::
nobody:*:15630:0:99999:7:::
So, setting at least the shell to /bin/false would be better.
Also, why do we have an sshd user to begin with? We already had this
discussion about the 'mail' user, but 'mail' is in the low-digits, and
very traditional to UNIX. 'sshd' on the other hand is above 100, and
is not really needed: the ssh server should run as root to allow logins
anyway.
And since packages can now create users... ;-)
Should we prepare to claen up etc/passwd (and associated files)?
Regards,
Yann E. MORIN.
> -default:x:1000:1000:Default non-root user:/home/default:/bin/sh
> diff --git a/system/skeleton/etc/shadow b/system/skeleton/etc/shadow
> index 67b67c1..d5734d7 100644
> --- a/system/skeleton/etc/shadow
> +++ b/system/skeleton/etc/shadow
> @@ -10,4 +10,3 @@ uucp:*:10933:0:99999:7:::
> operator:*:10933:0:99999:7:::
> ftp:*:10933:0:99999:7:::
> nobody:*:10933:0:99999:7:::
> -default::10933:0:99999:7:::
> --
> 2.0.0.rc2
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 223 225 172 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH] Remove user "default"
2014-06-05 8:30 [Buildroot] [PATCH] Remove user "default" Stephan Hoffmann
2014-06-05 17:20 ` Yann E. MORIN
@ 2014-06-05 19:21 ` Nicholas Kulikov
2014-06-05 20:23 ` Peter Korsgaard
2014-06-06 22:13 ` Peter Korsgaard
2 siblings, 1 reply; 5+ messages in thread
From: Nicholas Kulikov @ 2014-06-05 19:21 UTC (permalink / raw)
To: buildroot
I don't know why but avahi-autopipd uses this by default.
`ps` output from system built by using Buildroot:
# ps -o pid,ppid,user,comm,args
PID PPID USER COMMAND
1 0 root init
...
807 1 default avahi-autoipd avahi-autoipd: [eth1] bound 169.254.8.72
808 807 root avahi-autoipd avahi-autoipd: [eth1] callout dispatcher
...
On 2014-06-05 08:30:50 +0000, Stephan Hoffmann said:
> User "default" with no password has been around for long time, but not
> used within buildroot. Since we now have BR2_ROOTFS_USERS_TABLES it is
> no longer needed.
>
> Signed-off-by: Stephan Hoffmann <sho@relinux.de>
> ---
> system/device_table.txt | 1 -
> system/skeleton/etc/group | 1 -
> system/skeleton/etc/passwd | 1 -
> system/skeleton/etc/shadow | 1 -
> 4 files changed, 4 deletions(-)
>
> diff --git a/system/device_table.txt b/system/device_table.txt
> index 7ae4b07..e15412d 100644
> --- a/system/device_table.txt
> +++ b/system/device_table.txt
> @@ -10,7 +10,6 @@
> /tmp d 1777 0 0 - - - - -
> /etc d 755 0 0 - - - - -
> /root d 700 0 0 - - - - -
> -/home/default d 755 1000 1000 - - - - -
> /var/www d 755 33 33 - - - - -
> /etc/shadow f 600 0 0 - - - - -
> /etc/passwd f 644 0 0 - - - - -
> diff --git a/system/skeleton/etc/group b/system/skeleton/etc/group
> index 85a1fa2..11d58ac 100644
> --- a/system/skeleton/etc/group
> +++ b/system/skeleton/etc/group
> @@ -27,4 +27,3 @@ ftp:x:83
> nobody:x:99:
> nogroup:x:99:
> users:x:100:
> -default:x:1000:
> diff --git a/system/skeleton/etc/passwd b/system/skeleton/etc/passwd
> index ed7006a..8696954 100644
> --- a/system/skeleton/etc/passwd
> +++ b/system/skeleton/etc/passwd
> @@ -13,4 +13,3 @@ dbus:x:81:81:dbus:/var/run/dbus:/bin/sh
> ftp:x:83:83:ftp:/home/ftp:/bin/sh
> nobody:x:99:99:nobody:/home:/bin/sh
> sshd:x:103:99:Operator:/var:/bin/sh
> -default:x:1000:1000:Default non-root user:/home/default:/bin/sh
> diff --git a/system/skeleton/etc/shadow b/system/skeleton/etc/shadow
> index 67b67c1..d5734d7 100644
> --- a/system/skeleton/etc/shadow
> +++ b/system/skeleton/etc/shadow
> @@ -10,4 +10,3 @@ uucp:*:10933:0:99999:7:::
> operator:*:10933:0:99999:7:::
> ftp:*:10933:0:99999:7:::
> nobody:*:10933:0:99999:7:::
> -default::10933:0:99999:7:::
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH] Remove user "default"
2014-06-05 19:21 ` Nicholas Kulikov
@ 2014-06-05 20:23 ` Peter Korsgaard
0 siblings, 0 replies; 5+ messages in thread
From: Peter Korsgaard @ 2014-06-05 20:23 UTC (permalink / raw)
To: buildroot
>>>>> "Nicholas" == Nicholas Kulikov <nkulikov@gmail.com> writes:
> I don't know why but avahi-autopipd uses this by default.
> `ps` output from system built by using Buildroot:
> # ps -o pid,ppid,user,comm,args
> PID PPID USER COMMAND
> 1 0 root init
> ...
> 807 1 default avahi-autoipd avahi-autoipd: [eth1] bound 169.254.8.72
> 808 807 root avahi-autoipd avahi-autoipd: [eth1] callout dispatcher
> ...
Ahh, that's because of:
git grep default package/avahi/avahi.mk
package/avahi/avahi.mk: --with-avahi-user=default \
package/avahi/avahi.mk: --with-avahi-group=default \
package/avahi/avahi.mk: --with-autoipd-user=default \
package/avahi/avahi.mk: --with-autoipd-group=default
We should adjust avahi.mk to create an avahi user. I'll take a look.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH] Remove user "default"
2014-06-05 8:30 [Buildroot] [PATCH] Remove user "default" Stephan Hoffmann
2014-06-05 17:20 ` Yann E. MORIN
2014-06-05 19:21 ` Nicholas Kulikov
@ 2014-06-06 22:13 ` Peter Korsgaard
2 siblings, 0 replies; 5+ messages in thread
From: Peter Korsgaard @ 2014-06-06 22:13 UTC (permalink / raw)
To: buildroot
>>>>> "Stephan" == Stephan Hoffmann <sho@relinux.de> writes:
> User "default" with no password has been around for long time, but not
> used within buildroot. Since we now have BR2_ROOTFS_USERS_TABLES it is
> no longer needed.
> Signed-off-by: Stephan Hoffmann <sho@relinux.de>
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2014-06-06 22:13 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-06-05 8:30 [Buildroot] [PATCH] Remove user "default" Stephan Hoffmann
2014-06-05 17:20 ` Yann E. MORIN
2014-06-05 19:21 ` Nicholas Kulikov
2014-06-05 20:23 ` Peter Korsgaard
2014-06-06 22:13 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox