Newsgroups: comp.unix.sysv386
Path: utzoo!utgpu!watserv1!watmath!mks.com!eric
From: eric@mks.com (Eric Gisin)
Subject: security of Interactive powerdown login
Organization: Mortice Kern Systems Inc., Waterloo, Ontario, CANADA
Date: Fri, 9 Nov 90 21:25:10 GMT
Message-ID: <1990Nov9.212510.9086@mks.com>

Having no password on the "powerdown" userid in Interactive UNIX
is a major but non-obvious security risk. Make sure it has the root password.

If you want a more secure password-less powerdown userid
and you have Interactive 2.2, you can change the shell for powerdown
to /usr/admin/powerdown and add the following lines to the top of
the /usr/admin/powerdown shell script:
	#! /bin/sh
	PATH=/bin:/usr/bin:/usr/lbin export PATH
