From owner-freebsd-questions@FreeBSD.ORG Fri Feb 20 13:47:04 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F2E0E16A4CE for ; Fri, 20 Feb 2004 13:47:03 -0800 (PST) Received: from wbm3.pair.net (wbm3.pair.net [209.68.3.66]) by mx1.FreeBSD.org (Postfix) with SMTP id A75CB43D1F for ; Fri, 20 Feb 2004 13:47:03 -0800 (PST) (envelope-from b@analogon.com) Received: (qmail 5527 invoked by uid 65534); 20 Feb 2004 21:47:03 -0000 Received: from 217.235.127.4 ([217.235.127.4]) (SquirrelMail authenticated user be@analogon.com) by webmail.pair.com with HTTP; Fri, 20 Feb 2004 21:47:03 -0000 (GMT) Message-ID: <3545.217.235.127.4.1077313623.squirrel@webmail.pair.com> In-Reply-To: <20040220170622.GD4997@happy-idiot-talk.infracaninophile.co.uk> References: <20040220170622.GD4997@happy-idiot-talk.infracaninophile.co.uk> Date: Fri, 20 Feb 2004 21:47:03 -0000 (GMT) From: "Thomas Beer" To: "Matthew Seaman" User-Agent: SquirrelMail/1.4.2 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 Importance: Normal cc: freebsd-questions@freebsd.org cc: meimi Subject: Re: Removing system user X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Feb 2004 21:47:04 -0000 I would not delete them. A normal user, e.g., has to be member of the group staff to su to root, etc. Cheers Tom > On Fri, Feb 20, 2004 at 11:51:03PM +0800, meimi wrote: > >> I have read some document about server hardening. It suggests me >> removing >> the following users: >> operator, games, news, uucp >> and following groups: >> operator, staff >> I can guess that games is used for playing and news is used for >> reading >> news in news group. How about the other? Their descriptions in passwd >> are >> not clear. >> Am I safe to remove them in normal server environment (web, mail, ftp, >> DNS, SSH)? > > You can certainly remove those users and groups, but it's unlikely to > gain you very much and quite likely to cause you some problems. It > will certainly make it harder for you to do routine updates on your > system, possibly including some security patches. > > So long as you don't alter the entries in the master.passwd and group > files for those entities, you're pretty safe. Those IDs exist mostly > to be the owners of various files: note that the shell has been set to > /sbin/nologin and the password for those accounts has been locked and > that they have no special privileges despite the low UID and GID > numbers -- as such they are rather less dangerous than the account you > use to log in via. > > All in all, I wouldn't bother touching those accounts. > > Cheers, > > Matthew > > -- > Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks > Savill Way > PGP: http://www.infracaninophile.co.uk/pgpkey Marlow > Tel: +44 1628 476614 Bucks., SL7 1TH UK >