Fedora 15, new and exciting plans
Richard W.M. Jones
rjones at redhat.com
Sat Nov 20 17:50:43 UTC 2010
On Sat, Nov 20, 2010 at 06:32:26PM +0100, Michał Piotrowski wrote:
> How about removing some old unix crud? (he said this and he saw that
> some people starts to gather firewood in the stack :))
> Anyone uses gopher, uucp?
Someone at Red Hat asked me once what the purpose of the sync user
was, and I did some research and wrote the reply below. It may be
If you read this old (1988) advisory:
it seems clear the original intent of the 'sync' user was to allow an
administrator to log in as 'sync' and have that synchronize the disks,
without needing a password. There were apparently other user accounts
like 'who' with a similar purpose, and in the current passwd file we
can find similar accounts like 'halt' and 'shutdown'.
However having a passwordless guest account, even without a shell, is
a security hole (because some misconfigured or poorly written services
could allow access from one of these "users"):
I tried to find out for you when the 'sync' user was added to Unix.
It's *not* in Unix v7 (1979):
It *is* in Fedora Core 1 (2003) and RHL 5.0 (1996?) and Debian 0.9 (1995).
All of these have the password field set to '*' to prevent the
After a lot of internet spelunking, I found that MCC Interim Linux
(1992?) contained a 'sync' user with no password! So you could have
walked up to an MCC Interim Linux box c1992, and logged in as 'sync' /
no password, and it would have synchronized the disks.
It seems we inherited this tradition from Unix systems dating back to
some time in the 1980s. It was carried over to Linux in 1991/1992,
but soon afterwards the empty password field was replaced with a '*'
because of security concerns, and it's been like that to this day.
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into Xen guests.
More information about the devel