[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: News/weekly/2006/24/index.wml [part 2]


From: "Ippei Tamura" <ippei1@xxxxxxxxxxxx>
Subject: News/weekly/2006/24/index.wml [part 2]
Date: Tue, 20 Jun 2006 10:55:01 +0900

> case-by-case basis.  Javier Fern&aacute;ndez-Sanguino Pe&ntilde;a <a
> href="http://lists.debian.org/debian-devel/2006/05/msg01225.html";>added</a>
> disabling recommendations and provided information on using
> <code>nologin</code> as shell.</p>

> 説明しました</a>。Javier Fern&aacute;ndez-Sanguino Pe&ntilde;a さんは、推奨を
> 無効にすることを<a
> href="http://lists.debian.org/debian-devel/2006/05/msg01225.html";>付け加え</a>、
> シェルとして <code>nologin</code> を使うための情報を提供しました。</p>

を見ましたが、"disabling recommendations" は "recommendations to disable"

> AFAIK, this is already being done in Red Hat, SuSE, FreeBSD and OpenBSD for
> many system users. And is the recommended practice for disabling users (per
> CERT's http://www.cert.org/tech_tips/unix_configuration_guidelines.html).
> This is recommended because even if a user has a disabled password some
> (network) services might allow remote login under certain circumstances.
> In any case, and this is Debian-specific, you might want to read through
> the following discussions:
> http://lists.debian.org/debian-security/2003/10/msg00135.html
> and 
> http://lists.debian.org/debian-devel/1998/07/msg03281.html
> (continued in http://lists.debian.org/debian-devel/1998/08/msg00084.html)
> (1998! gasp!) for insightful comments for (some even against) this practice.