rockstor / rockstor-core

Linux/BTRFS based Network Attached Storage(NAS)
http://rockstor.com/docs/contribute_section.html
GNU General Public License v3.0

revise restricted system usernames #2634

Closed phillxnet closed 1 week ago

phillxnet commented 11 months ago

Within our user management we have a hard-wired username list. This is in need of revision. See: https://github.com/rockstor/rockstor-core/blob/5252197d35cde9ca7ad95bfafd4ac859da9d6103/src/rockstor/storageadmin/views/user.py#L39-L41

Used primarily for validating user input re users.

Hooverdan96 commented 9 months ago

I attempted to do a comparison between two current openSUSE flavors we have and whether they are in the currently maintained list. After a fairly fresh install, these were the users I've identified (I think I excluded all the users I didn't create manually). I don't have a 15.5 install, but I assume it will either be the same as 15.4 or fairly close.

| User | Description | Current Hard-code | LEAP 15.4 | TW |
|---|---|---|---|---|
| at | Batch jobs daemon | No | X | X |
| avahi | User for Avahi | X | X | X |
| bin | bin | X | No | X |
| chrony | Chrony Daemon | No | X | X |
| daemon | Daemon | X | X | X |
| dnsmasq | dnsmasq | No | No | X |
| dockremap | docker --userns-remap=default | No | X | X |
| lp | Printing daemon | No | X | X |
| mail | Mailer daemon | X | X | X |
| messagebus | User for D-Bus | No | X | X |
| nginx | User for nginx | X | X | X |
| nobody | nobody | X | X | X |
| nscd | User for nscd | No | No | X |
| ntp | NTP account | X | X | X |
| pesign | PE-COFF signing daemon | No | X | X |
| polkitd | User for polkitd | No | X | X |
| postfix | Postfix Daemon | X | X | X |
| postgres | PostgreSQL Server | X | X | X |
| root | root | X | X | X |
| rpc | User for rpcbind | X | X | X |
| shellinabox | user for shellinabox | No | X | X |
| sshd | SSH daemon | X | X | X |
| statd | NFS statd daemon | No | X | X |
| systemd-network | systemd Network Management | No | X | No |
| systemd-timesync | systemd Time Synchronization | No | X | X |
| tftp | TFTP Account | No | No | X |
| unbound | unbound caching DNS server | No | No | X |
| upsd | UPS daemon | No | X | X |

Or, mix it with the list here, which is more comprehensive, just to be safe: https://doc.opensuse.org/documentation/leap/startup/html/book-startup/cha-yast-userman.html#sec-yast-userman-defaults

phillxnet commented 9 months ago

@Hooverdan96 Thanks for following up on this one. I think all we need now is to establish what the system users are on each of our OS bases - likely prioritising TW. And ensure we cover them in our system users list. Pretty sure this is just a mask to identify all users we know are system users and flag them as such. Bit tricky but doable. The current list is just left over from our CentOS days is my assumption.
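One way to build the kind of system-user mask discussed above, as an added example that is not part of the thread and not Rockstor's code: a static name list combined with a UID-range scan of passwd entries, because an account such as `nobody` sits outside the system UID range and a range check alone would miss it. The function names, the `SYS_UID_MAX` value and the sample passwd lines (including their UIDs, homes and shells) are assumptions constructed for illustration.

```python
# Added example, not Rockstor's implementation. All names here are hypothetical.
SYS_UID_MAX = 999  # assumption: regular accounts start at UID 1000

# Static mask for accounts a UID-range check cannot catch or that may not be
# installed yet. Subset of names from the table in the thread; extend per OS base.
STATIC_SYSTEM_USERS = frozenset({"root", "nobody", "sshd", "postgres", "nginx"})

# Constructed passwd(5)-format sample; on a real host read /etc/passwd instead.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
chrony:x:477:477:Chrony Daemon:/var/lib/chrony:/usr/sbin/nologin
dockremap:x:476:476:docker --userns-remap=default:/:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/var/lib/nobody:/bin/bash
alice:x:1000:100:Alice:/home/alice:/bin/bash
malformed line without fields
"""


def system_users_from_passwd(text, sys_uid_max=SYS_UID_MAX):
    """Return the names whose UID falls in the system range 0..sys_uid_max."""
    names = set()
    for line in text.splitlines():
        fields = line.split(":")
        # passwd(5) entries have exactly 7 fields; skip anything else.
        if len(fields) != 7 or not fields[2].isdigit():
            continue
        if int(fields[2]) <= sys_uid_max:
            names.add(fields[0])
    return names


def is_restricted(username, passwd_text=SAMPLE_PASSWD):
    """True if user input must not be allowed to create or alter this account."""
    restricted = STATIC_SYSTEM_USERS | system_users_from_passwd(passwd_text)
    return username in restricted


if __name__ == "__main__":
    for name in ("nobody", "dockremap", "sshd", "alice"):
        print(name, "restricted" if is_restricted(name) else "allowed")
```

In the sample, `dockremap` is caught only by the UID scan and `nobody` and `sshd` only by the static list, which is why the two sources are unioned rather than used alone.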

phillxnet commented 1 week ago

Closing as: Fixed by #2866