This morning as I’m checking the cron-generated mail, I’ve got a message from the web server’s quota checker telling me there were a whole bunch of usernames that don’t have quotas. At first glance it’s just annoying. The Unix quota on Mac OS X has an annoying habit of getting out of sync every six months or so.

Then I realize… I don’t recognize any of those account names. These are accounts on the main web server; I add all accounts to the web group, and I don’t recognize any of these. A quick check of our LDAP system indicates that yes, these new account names are in the web group. Theoretically, they have access to log in to our main web server. Where did they come from?

A quick yell to the ITS panic list and several people recognize these accounts as Trustee accounts. How did they end up belonging to the webmaster group? Because we have three types of people at USD: employees, faculty, and staff. Each of them get their own group ID. If someone doesn’t have a listed type, the system defaults them to being… web masters.

This is (fortunately) the first time we’ve added anyone to the system who wasn’t either employee, faculty, or staff, but it’s comforting to know that if you can convince our system that it doesn’t know who you are, you’ll have write access to the web server.