[Info-vax] purging another user's mail from a semi-priviledged account
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Sat Apr 6 08:50:43 EDT 2013
On 2013-04-06 07:49:37 +0000, Phillip Helbig---undress to reply said:
> In article <kjmshs$lkh$1 at dont-email.me>, Stephen Hoffman
> <seaohveh at hoffmanlabs.invalid> writes:
>
>> The accessor having system privileges, system-group UIC is
>> certainly also within the realm here, given what (wasn't) shown.
>
> Right; that was it, [1,5],
That UIC is within a vendor-reserved UIC group [1,*], FWIW.
There's a list of some of the users typically found in [1,*]
<http://labs.hoffmanlabs.com/node/856> and I don't know of any [1,5]
usernames off-hand, but the general recommendation from the vendor was
to avoid the [1,*] and [300 to 377,*] ranges. Nothing precludes HP
from deciding to use or reuse that [1,5] UIC for, well, whatever.
Put another way, the vendor classically recommended the [2 to 10,*]
ranges, if configuring a username with (implicit) system privilege.
If you're looking to "hide" a privileged user in plain sight, then use
[10,*]. But I digress.
There's a (large) flow-chart of how access is granted or denied the
security manual, and there's the previously mentioned security auditing
(access failures and access grants) that are the most useful for
tracking these.
--
Pure Personal Opinion | HoffmanLabs LLC
More information about the Info-vax
mailing list