From: Jerry McAllister
To: b@analogon.com (Thomas Beer)
Cc: freebsd-questions@freebsd.org, meimi
Date: Fri, 20 Feb 2004 17:16:44 -0500 (EST)
Subject: Re: Removing system user

>
> I would not delete them. A normal user, e.g., has to
> be member of the group staff to su to root, etc.

It is group wheel they need to be in. I suppose someone might have
made staff work too, but wheel is the biggie.

////jerry

>
> Cheers Tom
>
> > On Fri, Feb 20, 2004 at 11:51:03PM +0800, meimi wrote:
> >
> >> I have read some document about server hardening. It suggests me
> >> removing the following users:
> >> operator, games, news, uucp
> >> and following groups:
> >> operator, staff
> >> I can guess that games is used for playing and news is used for
> >> reading news in news group. How about the other? Their descriptions
> >> in passwd are not clear.
> >> Am I safe to remove them in normal server environment (web, mail, ftp,
> >> DNS, SSH)?
> >
> > You can certainly remove those users and groups, but it's unlikely to
> > gain you very much and quite likely to cause you some problems. It
> > will certainly make it harder for you to do routine updates on your
> > system, possibly including some security patches.
> >
> > So long as you don't alter the entries in the master.passwd and group
> > files for those entities, you're pretty safe. Those IDs exist mostly
> > to be the owners of various files: note that the shell has been set to
> > /sbin/nologin and the password for those accounts has been locked and
> > that they have no special privileges despite the low UID and GID
> > numbers -- as such they are rather less dangerous than the account you
> > use to log in via.
> >
> > All in all, I wouldn't bother touching those accounts.
> >
> > Cheers,
> >
> > Matthew
> >
> > --
> > Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
> >                                                       Savill Way
> > PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
> > Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
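
The two properties cited in the thread for these accounts (locked password, `/sbin/nologin` shell) can be checked instead of assumed. The script below is an added example, not part of the original messages: the function names, the UID cut-off of 1000 for "system" accounts and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# audit_sys_accounts [MAX_UID]
# Reads master.passwd(5)-format lines on stdin:
#   name:password:uid:gid:class:change:expire:gecos:home:shell
# and reports every account with 0 < UID < MAX_UID (default 1000, an
# assumed cut-off) that could still be logged in to: password field not
# locked, or shell not a nologin binary.
audit_sys_accounts() {
    awk -F: -v max="${1:-1000}" '
        /^#/ || NF != 10 { next }                   # comments, malformed lines
        $3 + 0 == 0 || $3 + 0 >= max + 0 { next }   # UID 0 and ordinary users
        {
            # An empty shell field means the default shell, /bin/sh.
            shell = ($10 == "" ? "/bin/sh (default)" : $10)
            # "*" is a locked password; pw lock prefixes the hash with *LOCKED*.
            if ($2 != "*" && $2 !~ /^\*LOCKED\*/)
                printf "%s: password field is not locked\n", $1
            if (shell !~ /\/nologin$/)
                printf "%s: shell is %s, not nologin\n", $1, shell
        }
    '
}

# Constructed sample data (not taken from a real system).
sample_master_passwd() {
    cat <<'EOF'
# constructed sample in master.passwd format
root:$6$constructedhash:0:0::0:0:Charlie &:/root:/bin/csh
operator:*:2:5::0:0:System &:/:/sbin/nologin
games:*:7:13::0:0:Games pseudo-user:/usr/games:/sbin/nologin
news:*:8:8::0:0:News Subsystem:/:/sbin/nologin
uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/bin/sh
backup:$6$constructedhash:900:900::0:0:Constructed service:/nonexistent:/sbin/nologin
alice:$6$constructedhash:1001:1001::0:0:Alice:/home/alice:/bin/sh
EOF
}

# Demo run on the sample; on a real host, run as root:
#   audit_sys_accounts < /etc/master.passwd
sample_master_passwd | audit_sys_accounts
```

An account that passes both checks still owns files, so a clean report is a reason to leave the entry alone, not to delete it.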