topic Re: user list in SAM in Operating System - HP-UX

user list in SAM

Fauziah Mahdan — Tue, 07 Jun 2005 20:18:03 GMT

Hi all where can I find any doc related to the list of user in SAM, like who is the user, the function and the purpose to create esp default one. E.g bin,daemon,hpdb,lp,,nuucp,uucp,www and etc

Thanks

Re: user list in SAM

Paul_481 — Tue, 07 Jun 2005 21:09:54 GMT

Hi Fauziah,

These users are pseudo and special accounts that is used by subsystem.

FROM MANAGING STANDARDS AND PASSWORDS

http://docs.hp.com/en/5990-8172/ch08s03.html#bjeieaae

By tradition, the /etc/passwd file contains numerous â pseudo-accountsâ â entries not associated with individual users and which do not have true interactive login shells.

Some of these entries, such as date, who, sync, and tty, evolved strictly for user convenience, providing commands that could be executed without logging in. To tighten security, they have been eliminated in the distributed /etc/passwd so that these programs can be run only by a user who is logged in.

Other such entries remain in /etc/passwd because they are owners of files. Programs with owners such as adm, bin, daemon, hpdb, lp, and uucp encompass entire subsystems, and represent a special case. Since they grant access to files they protect or use, these programs must be allowed to function as pseudo-accounts, with entries listed in /etc/passwd. The customary pseudo- and special accounts are shown in Figure 8-1, â Pseudo- and Special System Accountsâ .

Re: user list in SAM

Joseph Loo — Tue, 07 Jun 2005 21:32:16 GMT

hi,

some threads on these users, just in case u r ask by auditor for the function of these users:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=142049

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=232066

also, do not delete them.

regards.

Re: user list in SAM

vinod_25 — Sat, 18 Jun 2005 04:24:30 GMT

hi Fauz...

dont ever delete these users...

as these are the default users of unix ...

and users cannot login with any of these usernames ( root or rootequiv can login by changing the passwd).. ... so dont panic!

Regards

Vinod k

Re: user list in SAM

Mel Burslan — Sat, 18 Jun 2005 13:37:13 GMT

well, I have to disagree with "don't delete those users" comment here. Yeah, you do not go in and delete them all but if your server is not going to use some sort of web server or app server, you do not need www account. Heck even if you are going to run it but run it under a predefined user, you will not need this account. Another candidate for deletion is hpdb account. Even some hp engineers I talked to, does not remember what it used to be used for anymore. Most probably it was something related to hp's old database, allbase, but do you use it ? I sure don't. So, why do I need it as a sore point when I get SOX audited.

So my suggestion is sysadm of each system needs to decide if they have any use for any of these accounts and delete the ones he/she needs on his/her own discretion.

to see if a user has any files/directories associated by this username, run the command:

find / -user $USERNAME

(do it when your system has very low utilization, as this will hammer your disks pretty bad)

and see if it lists anything. If it does, decide if these files are used for anything related to the purpose of this server. For instance, if you are going to run a very specific application on your server and you get an apache web server installed with user id www, do you really want it there, as a security threat ?

This issue is more political than technical. So, every data center should make their own decisions about which of the default users they get handed upon a fresh system installation they want to delete and which ones to keep.

Hope this helps.

Re: user list in SAM

Fauziah Mahdan — Fri, 24 Jun 2005 22:00:09 GMT

Hi all,
thanks for the reply. Sorry late, I attend SNA1 course at HP education Centre Malaysia. Did ask the same question too. I am doing the doc of all my hp-ux servers that's why need the info.....will refer to the link...

Thanks