SCO OpenServer & filePro permissions

Mon Oct 11 19:26:24 PDT 2010

The honourable and venerable scooter6 at gmail.com spoke thus:
> So does it matter what I set filepro's password to? I never
> knew it got installed with a password, much less a password that
> expires?? Strange......

If the installation is what creates the filepro user, my recollection is
that it does not even -set- a password, you have to do that manually.  I
may be misremembering.  Usually I'm doing a migration, so I set up the
account manually, before actual fP installation.

If you're planning on physically logging in manually as filepro, then you
should pick a strong password that you can remember.  If you're only going
to be using su or ssh with authorized_keys, then you would be safe to just
put x or * in the encryption field in /etc/shadow.  If you're not even
going to have filepro as a user -do- anything, one can lock it down with a
shell of /bin/nologin or /bin/false.

> That leads me to the other part of my problems/issues/questions.  I'm
> assuming them I can use the filepro user to ftp to our client's site
> and 'get' files, thus these files would have filepro ownership already,
> right?

Given the correct credentials and automation, yes, the filepro user can ftp
out and get files.  Resultant files would be owned by filepro.

> I guess I can also do some 'system' calls to chmod etc right from
> processing.

I know you can, I don't have to guess.  Now chown is another story
entirely...

> But I would like to know if:
>   a) this is standard behaviour for filepro (an expiring password)

Password expiry has nothing whatsoever to do with filepro, and everything
to do with the security configuration of the authentication subsystem of
the underlying operating system.  I'm not sure what SCO is using as of
5.0.7.  In linux, this would be a function of how the PAM module is
configured, for most (if not all) modern distributions.

>   b) does it matter what I set filepro's password to?

See above.

>   c) will it break anything when I change it?

The only thing changing the filepro user's password will "break" is the
ability for someone that's been using the current password (if one even
exists) to log in using that same password after you've changed it.  The
filePro software in no way relies on logging in as filepro, or upon the
actual password.  There's a filepro user so that the binaries have a user
other than root to be set SUID to and the data can be owned by that user,
and that's it.  I have multiple systems set up where you can't even log in
as filepro, both because it has the password field set to an invalid
encryption (x or *), -and- because it doesn't have a valid login shell
that's listed in /etc/shells.

Happy to help to a degree on-list, but this stuff is pretty much "Unix 001"
territory.  If you have an administrator for the system, you might confer
with them; any competent administrator could answer these questions.  If
you don't, you might want to hire or contract one.

mark->