[comp.unix.i386] SCO Unix Security Considered Harmful

chip@tct.uucp (Chip Salzenberg) (08/17/90)

According to allbery@ncoast.ORG (Brandon S. Allbery KB8JRR/KT):
>Most end-users do not need security that, even in soi-disant "relaxed" mode,
>is obtrusive.  I do not appreciate having created a user in singleuser mode
>and now having that user forever stuck on /usr instead of /u with the others,
>for example, because editing /etc/passwd is not permitted.

I would like to note that it is possible to edit /etc/passwd to make
changes, as long as the authorization database is also updated.  In
the case of typical user values like user and group ids, this means
editing "/tcb/files/auth/<first letter of user>/<user>".

(The format of the directories and files under /tcb/files/auth reminds
me of terminfo.  Oddly enough, I dislike terminfo too.)

By the way, note that the user's home directory is NOT stored in the
authorization database.  (At least this is true if you have "relaxed"
security, which is the only close-to-sane way to use SCO Unix.)  So if
all you want to do is change the user's home directory, go ahead and
edit /etc/passwd with impunity.

>THIS I do not need.  This my company does not need.  I am close to
>recommending we switch to 386/ix, and unless there are changes we
>will do so.

On this matter I am 100% behind Brandon.  SCO bills SCO Unix as having
OPTIONAL additional security.  If this claim were true, I could
eliminate ALL of the non-standard security features ("rm -rf /tcb")
and run as if SCO Unix were "standard" Unix.  That's all I want:
Standard Unix security.
-- 
Chip Salzenberg at Teltronics/TCT     <chip@tct.uucp>, <uunet!pdn!tct!chip>
 "Most of my code is written by myself.  That is why so little gets done."
                 -- Herman "HLLs will never fly" Rubin
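
Added example, not part of the original post: a consistency check for the rule described above, that an edit to /etc/passwd must be matched in /tcb/files/auth/<first letter of user>/<user>. The termcap-style entry layout with u_name= and u_id# fields is an assumption (the post does not show the file format), the function names are hypothetical, and the sample data is constructed.

```shell
#!/bin/sh
# Added example (not from the post). ASSUMPTION: each auth file is a single
# termcap-style entry of colon-separated fields including u_name=<user> and
# u_id#<uid>, where a trailing "\" continues the entry on the next line.

# auth_field FILE PREFIX -> value of the first field starting with PREFIX
auth_field() {
    tr -d '\\\n\t' < "$1" | tr ':' '\n' | sed -n "s/^ *$2//p" | head -n 1
}

# check_auth_sync PASSWD_FILE AUTH_ROOT
# Prints one line per inconsistency; returns 1 if any were found.
check_auth_sync() {
    rc=0
    while IFS=: read -r user _pw uid _rest; do
        [ -n "$user" ] || continue
        entry="$2/$(printf '%s' "$user" | cut -c1)/$user"
        if [ ! -f "$entry" ]; then
            echo "MISSING $user (no $entry)"; rc=1; continue
        fi
        a_name=$(auth_field "$entry" 'u_name=')
        a_uid=$(auth_field "$entry" 'u_id#')
        if [ "$a_name" != "$user" ]; then
            echo "NAME $user (auth says '$a_name')"; rc=1
        fi
        if [ "$a_uid" != "$uid" ]; then
            echo "UID $user (passwd=$uid auth=$a_uid)"; rc=1
        fi
    done < "$1"
    return "$rc"
}

# make_sample DIR: constructed test data, not taken from a real system.
make_sample() {
    mkdir -p "$1/auth/c" "$1/auth/b"
    printf '%s\n' 'chip:x:200:50:Chip:/u/chip:/bin/sh' \
                  'brandon:x:201:50:Brandon:/u/brandon:/bin/sh' \
                  'newuser:x:202:50:New:/usr/newuser:/bin/sh' > "$1/passwd"
    printf 'chip:u_name=chip:u_id#200:\\\n\t:u_lock@:chkent:\n' > "$1/auth/c/chip"
    printf 'brandon:u_name=brandon:u_id#999:chkent:\n' > "$1/auth/b/brandon"
}

tmp=$(mktemp -d)
make_sample "$tmp"
check_auth_sync "$tmp/passwd" "$tmp/auth" || echo "authorization database out of sync"
rm -rf "$tmp"
```

In the constructed sample, brandon's UID was changed in the passwd file only and newuser has no auth entry at all, so both are reported; the home directory field is deliberately not compared, since the post notes it is not stored in the authorization database.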