Question
Would it be useful to others as well to have a way of excluding certain system users from the 'thou shalt not have a shell' hardening for system users?
Case in point: I install Gitea/Forgejo with the community-maintained Ansible role and they create the service account that runs the app as a system user (uid < 1000), as they should.
Now most applications never have to use their shells, but Gitea/Forgejo is an interesting exception, as it provides its SSH-based git functions via, you guessed it, a shell.
Now I'd be willing to write a patch to include this in the role, but I'd like to gauge interest before I do that :-)
Thank you for raising the question. I feel anything we add to extend the functionality is a great idea as long as we keep it as simple to understand as possible.
More than happy to take a PR.