SOLVED: Unix user pcpatch, its password - security question

giner · Beitrag von **giner** » 24 Sep 2014, 10:04

Hello,

From manual:

# Set the password of user pcpatch for Unix, samba and opsi.
opsi-admin -d task setPcpatchPassword

By defaut it is possible to login locally or by ssh within "pcpatch" user.
As I understand from the manual (and experiments prove it) pcpatch Unix user is not used. What about removing Unix password for this user by default (and do not set with setPcpatchPassword) and leave only Samba password so it can't login by SSH or locally?

Also this user should have read-only access to Samba shares. I know it is mentioned in the manual but I think this should be default behaviour.

Best regards,
Stanislav German-Evtushenko

Beitrag von **ueluekmen** » 25 Sep 2014, 11:26

Hi,

the Unix user for pcpatch is used by ntfs-write-image and ntfs-restore-image. These products use ssh to write the image to the server.

We try to support opsi-clonezilla. This package is in Development state. If this package will be stable, we will end the support for the old imaging products. After that we can change the default behaviour.

Until the opsi-clonezilla package is in development state, we must support the old way of managing images and can't change setPcpatchPassword method. If you don't use the ntfs-write-image and ntfs-restore-image you can take the loginshell from pcpatch User to prevent his login.

giner · Beitrag von **giner** » 25 Sep 2014, 12:35

Hello,

Thank you for the detailed answer!
It is clear now.

Stanislav

forum.opsi.org

SOLVED: Unix user pcpatch, its password - security question

SOLVED: Unix user pcpatch, its password - security question

Re: Unix user pcpatch and it's password - security question

Re: SOLVED: Unix user pcpatch, its password - security quest