https://community.hpe.com/t5/operating-system-hp-ux/quick-question-about-pwgr/m-p/4860116#M396304 Hi Ken,<BR /><BR />Check this doc.<BR /><BR />Document description: How To Prevent Creation of Files in /var/spool/sockets/pwgr<BR />Document id: KBRC00012276<BR /><BR /><A href="http://www1.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&amp;docId=200000068401720" target="_blank">http://www1.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&amp;docId=200000068401720</A><BR /><BR />When the libc calls find this directory (/var/spool/sockets/pwgr) , they<BR />will create the socket files in preparation for using the pwgrd server daemon, whether pwgrd is running or not.<BR /><BR />remove the directory pwgr from /var/spool/sockets. <BR /><BR />More detailed info in above link.<BR /><BR />Best regards,<BR />Robert-Jan Wed, 08 Sep 2004 16:12:07 GMT Robert-Jan Goossens_1 2004-09-08T16:12:07Z https://community.hpe.com/t5/operating-system-hp-ux/quick-question-about-pwgr/m-p/4860115#M396303 Okay, I might already know the answer to this question, but want to run it by the experts first to confirm.<BR /><BR />To help secure our HPs, we have implemented several suggestions listed in the "How to create a Bastion Host" doc found all over the net, in it, it reads:<BR /><BR />pwgrd is a password and group caching daemon. Since we have a very small password and group file it is unnecessary. Also, a little detective work with lsof and tusc (Trace Unix System Calls) [12] shows us that it listens on a Unix domain socket for client requests, and we don't want to allow command channels like that to processes running as root, so we have additional incentive to disable it: <BR /><BR />Set the PWGR environment variable to 0 in /etc/rc.config.d/pwgr: <BR /><BR />PWGR=0<BR /><BR />We also remove stale sockets which will prevent unnecessary libc socket creation and requests to a nonexistent pwgrd listener: <BR /> <BR /># rm /var/spool/pwgr/* # really just need to remove status<BR /># rm /var/spool/sockets/pwgr/*<BR /><BR /><BR />which we did about a year ago...no problems..however, I have noticed that everytime a user logs on, a new socket is created in /var/spool/sockets/pwgr even though the daemon is not running. why is this? My thoughts are that possibly some other daemon creates the socket here for pwgr to use if needed, if that is the case, is there a way to turn that off as well? <BR /> Wed, 08 Sep 2004 13:37:36 GMT https://community.hpe.com/t5/operating-system-hp-ux/quick-question-about-pwgr/m-p/4860115#M396303 Ken Penland_1 2004-09-08T13:37:36Z https://community.hpe.com/t5/operating-system-hp-ux/quick-question-about-pwgr/m-p/4860116#M396304 Hi Ken,<BR /><BR />Check this doc.<BR /><BR />Document description: How To Prevent Creation of Files in /var/spool/sockets/pwgr<BR />Document id: KBRC00012276<BR /><BR /><A href="http://www1.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&amp;docId=200000068401720" target="_blank">http://www1.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&amp;docId=200000068401720</A><BR /><BR />When the libc calls find this directory (/var/spool/sockets/pwgr) , they<BR />will create the socket files in preparation for using the pwgrd server daemon, whether pwgrd is running or not.<BR /><BR />remove the directory pwgr from /var/spool/sockets. <BR /><BR />More detailed info in above link.<BR /><BR />Best regards,<BR />Robert-Jan Wed, 08 Sep 2004 16:12:07 GMT https://community.hpe.com/t5/operating-system-hp-ux/quick-question-about-pwgr/m-p/4860116#M396304 Robert-Jan Goossens_1 2004-09-08T16:12:07Z https://community.hpe.com/t5/operating-system-hp-ux/quick-question-about-pwgr/m-p/4860117#M396305 perfect, that is what I was suspecting, thanks for the confirmation! Thu, 09 Sep 2004 07:27:12 GMT https://community.hpe.com/t5/operating-system-hp-ux/quick-question-about-pwgr/m-p/4860117#M396305 Ken Penland_1 2004-09-09T07:27:12Z