[Systems] Fixed: The user has not setup an home page

James Cameron quozl at laptop.org
Wed Nov 7 02:54:29 EST 2018


I agree with Bernie that it is unusual these days to need shell
accounts, with the plethora of services available from other
organisations.  For instance, why can't Peace Ojemeh use GitHub for
files?  Then we could delete the shell account and keep the mail
alias.

I don't feel there is consensus yet on what to do with the risk of
inactive or unnecessary accounts.

For account tgillard, it kept copies of virtual machines and operating
system installers that were available from somewhere else, about 38
GB.  No login since February 2016, no new files since 2015, and none
of the files are recent; security risk of zero day vulnerabilities if
installed.  Mail alias tgillard at sugarlabs.org was never used.

+CC Thomas, can we delete the account now?  Or can you clean it up and
delete the out of date files with security vulnerabilities?

On Wed, Nov 07, 2018 at 04:31:07AM +0100, Samson Goddy wrote:
> Peace Ojemeh just created an account yesterday.
> 
> On Wed, Nov 7, 2018, 4:29 AM Walter Bender <[1]walter.bender at gmail.com wrote:
> 
>     A few people on the list are still active: tgilliard for example. And
>     please keep cjl's account around.
> 
>     On Tue, Nov 6, 2018 at 10:21 PM Bernie Innocenti <[2]bernie at codewiz.org>
>     wrote:
> 
>         On 11/7/18 10:20 AM, James Cameron wrote:
>         > Small typo in sunjammer:/etc/skel/public_html has been fixed, and
>         > copied to affected users public_html/
>         >
>         > ajay aleph anurag aperez arun aurora ayush bashintosh benzea caroline
>         > christophd cjb cjl crodas dcastelo dcrossland dsd dvd earias erikg
>         > fran godiard ishan jminor kaametza kandarpk leio mako manusheel marco
>         > martasd martin mokurai mostro mstone mtd mukul mvn naufraghi neeraj
>         > nubae peaceojemeh pflores piro rasky rralcala rsl sergiodj shanjit sj
>         > socialhelp tal tuukka werner woody wwdillingham
>         >
>         > Know any of these users are inactive?  Perhaps we should remove them.
>         >
>         > There are 119 user home directories on sunjammer.
> 
>         There's an old cronjob to find users with expired ldap passwords and
>         notify them by email: /etc/cron.weekly/check_pwd_expire
> 
>         I ran a modified version that doesn't send email to generate this list:
> 
>         Note: user alsroot password has expired since 668 days
>         Warning: user asharma has no LDAP entry
>         Note: user bashintosh password has expired since 1197 days
>         Warning: user dcrossland has no LDAP entry
>         Note: user francis password has expired since 821 days
>         Note: user francocorrea password has expired since 912 days
>         Note: user mako password has expired since 898 days
>         Note: user martasd password has expired since 954 days
>         Note: user mstone password has expired since 1107 days
>         Note: user quidam password has expired since 1068 days
>         Note: user rolf password has expired since 991 days
>         Note: user rralcala password has expired since 820 days
>         Note: user sam password has expired since 429 days
>         Warning: user tgilliard has no LDAP entry
> 
>         There's also system-userdel, a convenient script which removes users
>         from ldap and other places and moves their home to /home/_disabled
> 
>         Feel free to to do delete all these users, except sam and rralcala who
>         are still active. User tgilliard is actually Tgilliard in ldap... weird
>         :-)
> 
>         Providing shell accounts to developers was still fashionable 10 years
>         ago, but with things like GitLab which support the entire development
>         ->
>         release -> web deployment cycle, I no longer see the reason in most
>         cases. Developer accounts have become a huge security concern due to
>         the
>         various CPU exploits, so I would avoid giving out more shell accounts
>         to
>         people who are not supposed to be root anyway.
> 
>         --
>          _ // Bernie Innocenti
>          \X/  [3]https://codewiz.org/
>         _______________________________________________
>         Systems mailing list
>         [4]Systems at lists.sugarlabs.org
>         [5]http://lists.sugarlabs.org/listinfo/systems
> 
>     --
>     Walter Bender
>     Sugar Labs
>     [6]http://www.sugarlabs.org
>     [7]
>     _______________________________________________
>     Systems mailing list
>     [8]Systems at lists.sugarlabs.org
>     [9]http://lists.sugarlabs.org/listinfo/systems
> 
> References:
> 
> [1] mailto:walter.bender at gmail.com
> [2] mailto:bernie at codewiz.org
> [3] https://codewiz.org/
> [4] mailto:Systems at lists.sugarlabs.org
> [5] http://lists.sugarlabs.org/listinfo/systems
> [6] http://www.sugarlabs.org/
> [7] http://www.sugarlabs.org/
> [8] mailto:Systems at lists.sugarlabs.org
> [9] http://lists.sugarlabs.org/listinfo/systems

-- 
James Cameron
http://quozl.netrek.org/


More information about the Systems mailing list