Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!dali.cs.montana.edu!uakari.primate.wisc.edu!aplcen!aplcomm!uunet!vtserf!marchany From: marchany@vtserf.cc.vt.edu (Randy Marchany) Newsgroups: comp.admin.policy Subject: Re: Student suspended for distributing /etc/passwd Message-ID: <1911@vtserf.cc.vt.edu> Date: 17 Jun 91 14:03:41 GMT References: Organization: Virginia Tech, Blacksburg, VA Lines: 31 In article pcg@aber.ac.uk (Piercarlo Grandi) writes: > >No. The point is: what the student did was not improper. There was a >file readable to all. He took a copy of it, and gave it to somebody >else. Had he had done so with /etc/motd, would that have been a breach >of security? Clearly not. So this guy was suspended for having done >something that was thoroughly harmless. >It's not always true, but the shrillest screams about "hackers" often >come from the sysadmins that know they are inadequate. >-- Yes, it's not true. I suspect that the screams come from sysadmins who were once "hackers" themselves. A simple extension of the "it takes one to know one" maxim, frankly, I would think that while it is true that /etc/passwd is world readable, there really isn't any reason why someone should pass copies of it around. If there was a legitimate reason, certainly a note to the sysadmin telling him why it was being copied would clear the air, eh? :-) Once again, sites need to DEFINE their policy and EDUCATE their user community and if the users AGREE to abide by that policy, we have no right to denigrate a particular site's handling of a policy violation. Sysadmins need to formulate a DRAFT policy and obtain the support of their administration (pres., vice-pres., dean, etc.) to enforce it. -Randy Marchany VA Tech Computing Center Blacksburg, VA 24060 INTERNET: marchany@vtserf.cc.vt.edu "my opinions are my own"