SCO OpenServer & filePro permissions

scooter6 at gmail.com scooter6 at gmail.com
Tue Oct 12 06:37:59 PDT 2010 

  Mark,

  I am also an administrator and I understand all you're saying.
  My only concern was I don't ever recall manually creating a filepro user,
I assumed it was created by default when installed.
  Therefore, I wouldn't expect the user 'filepro' to have an expired
password.
  That was my only concern on this.

  Thanks

  Scott



On Mon, Oct 11, 2010 at 10:26 PM, Fairlight <fairlite at fairlite.com> wrote:

> The honourable and venerable scooter6 at gmail.com spoke thus:
> > So does it matter what I set filepro's password to? I never
> > knew it got installed with a password, much less a password that
> > expires?? Strange......
>
> If the installation is what creates the filepro user, my recollection is
> that it does not even -set- a password, you have to do that manually.  I
> may be misremembering.  Usually I'm doing a migration, so I set up the
> account manually, before actual fP installation.
>
> If you're planning on physically logging in manually as filepro, then you
> should pick a strong password that you can remember.  If you're only going
> to be using su or ssh with authorized_keys, then you would be safe to just
> put x or * in the encryption field in /etc/shadow.  If you're not even
> going to have filepro as a user -do- anything, one can lock it down with a
> shell of /bin/nologin or /bin/false.
>
> > That leads me to the other part of my problems/issues/questions.  I'm
> > assuming them I can use the filepro user to ftp to our client's site
> > and 'get' files, thus these files would have filepro ownership already,
> > right?
>
> Given the correct credentials and automation, yes, the filepro user can ftp
> out and get files.  Resultant files would be owned by filepro.
>
> > I guess I can also do some 'system' calls to chmod etc right from
> > processing.
>
> I know you can, I don't have to guess.  Now chown is another story
> entirely...
>
> > But I would like to know if:
> >   a) this is standard behaviour for filepro (an expiring password)
>
> Password expiry has nothing whatsoever to do with filepro, and everything
> to do with the security configuration of the authentication subsystem of
> the underlying operating system.  I'm not sure what SCO is using as of
> 5.0.7.  In linux, this would be a function of how the PAM module is
> configured, for most (if not all) modern distributions.
>
> >   b) does it matter what I set filepro's password to?
>
> See above.
>
> >   c) will it break anything when I change it?
>
> The only thing changing the filepro user's password will "break" is the
> ability for someone that's been using the current password (if one even
> exists) to log in using that same password after you've changed it.  The
> filePro software in no way relies on logging in as filepro, or upon the
> actual password.  There's a filepro user so that the binaries have a user
> other than root to be set SUID to and the data can be owned by that user,
> and that's it.  I have multiple systems set up where you can't even log in
> as filepro, both because it has the password field set to an invalid
> encryption (x or *), -and- because it doesn't have a valid login shell
> that's listed in /etc/shells.
>
> Happy to help to a degree on-list, but this stuff is pretty much "Unix 001"
> territory.  If you have an administrator for the system, you might confer
> with them; any competent administrator could answer these questions.  If
> you don't, you might want to hire or contract one.
>
> mark->
>  _______________________________________________
> Filepro-list mailing list
> Filepro-list at lists.celestial.com
> Subscribe/Unsubscribe/Subscription Changes
> http://mailman.celestial.com/mailman/listinfo/filepro-list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.celestial.com/pipermail/filepro-list/attachments/20101012/79e67349/attachment.html

More information about the Filepro-list mailing list