https://community.hpe.com/t5/operating-system-hp-ux/unix-default-users/m-p/5094386#M442938 I would not touch any of the <BR />daemon, bin, sys, adm, lp, nobody. They are traditional system accounts and some critical system areas have these as owners or their associated group id as group owner.<BR /><BR />uucp, nuupc: Unless you are using uucp (which I have not seen anyone using it since the 1980s) you can remove these accounts<BR /><BR />hpdb: Can be deleted. It was a default user for an old HP database (I can't remember its name)<BR /><BR />ssh: Used by the sshd service<BR /><BR />www, iwww, owww: used by hpws (HP web Services). Even if you dont run any of the hpws services (hpadmin etc) you should leave these alone. They may be needed down the line or during a patch install, upgrade etc.<BR /><BR />smbnull: Used by SAMBA (aka CIFS). If you don't run SAMBA the account can be deleted.<BR /><BR />mysql: Used by the OpenSQL. It can be deleted if you don't use the openSQL.<BR /><BR />tftp: Should be deleted. And keep looking because it gets added back every time you install a new version of igniteUX.<BR /><BR />When you clean up your server you should also look into all the installed software and swremove some of those as well. Some of the accounts if removed have istalled software that could also be removed. Wed, 05 Mar 2008 13:16:38 GMT TTr 2008-03-05T13:16:38Z https://community.hpe.com/t5/operating-system-hp-ux/unix-default-users/m-p/5094382#M442934 Hi Bodies,<BR /><BR />I'm having security compliance observations... one is about the users that exist by default on Unix and its secureness, so the cuestion is:<BR />Where can I find information about the users that exists by default on Unix and what are the Best Practices to its management?<BR /><BR />Thanks, Mon, 25 Feb 2008 22:53:24 GMT https://community.hpe.com/t5/operating-system-hp-ux/unix-default-users/m-p/5094382#M442934 Gamaliel 2008-02-25T22:53:24Z https://community.hpe.com/t5/operating-system-hp-ux/unix-default-users/m-p/5094383#M442935 Hi:<BR /><BR />I suspect that you are asking about accounts like 'bin', 'sys', 'daemon', 'adm'. 'uucp', 'lp', 'nobody'. These are used for daemon processes and to provide some degree of granular security for subsystems like printing and NFS. You will note that the password associated with these accounts is an asterisk ("*") which means that direct login is not allowed. Hence, tell you auditors to look elsewhere :-)<BR /><BR />Regards!<BR /><BR />...JRF... Mon, 25 Feb 2008 23:44:45 GMT https://community.hpe.com/t5/operating-system-hp-ux/unix-default-users/m-p/5094383#M442935 James R. Ferguson 2008-02-25T23:44:45Z https://community.hpe.com/t5/operating-system-hp-ux/unix-default-users/m-p/5094384#M442936 Hi James,<BR /><BR />Maybe I'll sound so silly, but...<BR /><BR />I think all the passwords are marked as * because the server is configured in trusted mode, isn't? The users daemon, bin, sys, adm, lp, hpdb, www, webadmin, sshd can't connect because they have /usr/bin/false as their starting shell. I have other users as uucp, nuucp, smbnull, iwww, owww, mysql that seem to be as default users... anyway they stand for what? Any documentation? Tue, 04 Mar 2008 22:49:01 GMT https://community.hpe.com/t5/operating-system-hp-ux/unix-default-users/m-p/5094384#M442936 Gamaliel 2008-03-04T22:49:01Z https://community.hpe.com/t5/operating-system-hp-ux/unix-default-users/m-p/5094385#M442937 Jo,<BR /><BR />refer to this <A href="http://docs.hp.com/en/B2355-90950/ch08s03.html" target="_blank">http://docs.hp.com/en/B2355-90950/ch08s03.html</A><BR /><BR />Eliminating Pseudo-Accounts and Protecting Key Subsystems <BR /> <BR />By tradition, the /etc/passwd file contains numerous â pseudo-accountsâ â entries not associated with individual users and which do not have true interactive login shells.<BR /><BR />WK<BR /> Wed, 05 Mar 2008 06:17:09 GMT https://community.hpe.com/t5/operating-system-hp-ux/unix-default-users/m-p/5094385#M442937 whiteknight 2008-03-05T06:17:09Z https://community.hpe.com/t5/operating-system-hp-ux/unix-default-users/m-p/5094386#M442938 I would not touch any of the <BR />daemon, bin, sys, adm, lp, nobody. They are traditional system accounts and some critical system areas have these as owners or their associated group id as group owner.<BR /><BR />uucp, nuupc: Unless you are using uucp (which I have not seen anyone using it since the 1980s) you can remove these accounts<BR /><BR />hpdb: Can be deleted. It was a default user for an old HP database (I can't remember its name)<BR /><BR />ssh: Used by the sshd service<BR /><BR />www, iwww, owww: used by hpws (HP web Services). Even if you dont run any of the hpws services (hpadmin etc) you should leave these alone. They may be needed down the line or during a patch install, upgrade etc.<BR /><BR />smbnull: Used by SAMBA (aka CIFS). If you don't run SAMBA the account can be deleted.<BR /><BR />mysql: Used by the OpenSQL. It can be deleted if you don't use the openSQL.<BR /><BR />tftp: Should be deleted. And keep looking because it gets added back every time you install a new version of igniteUX.<BR /><BR />When you clean up your server you should also look into all the installed software and swremove some of those as well. Some of the accounts if removed have istalled software that could also be removed. Wed, 05 Mar 2008 13:16:38 GMT https://community.hpe.com/t5/operating-system-hp-ux/unix-default-users/m-p/5094386#M442938 TTr 2008-03-05T13:16:38Z https://community.hpe.com/t5/operating-system-hp-ux/unix-default-users/m-p/5094387#M442939 Thank you all, your comments where helpful as always.<BR /><BR />JSG Tue, 18 Mar 2008 16:13:56 GMT https://community.hpe.com/t5/operating-system-hp-ux/unix-default-users/m-p/5094387#M442939 Gamaliel 2008-03-18T16:13:56Z