cancel
Showing results for 
Search instead for 
Did you mean: 

Block system account

 
SOLVED
Go to solution
Muhammad Fakharuddin
Occasional Contributor

Block system account

bin
nuucp
smmsp
listen
gdm
webservd
nobody
noaccess
nobody4
adm
ip
uucp

How to disable or assign /dev/null to all of the above accounts?
8 REPLIES
Shibin_2
Honored Contributor

Re: Block system account

change the shell to /dev/null

usermod -s /dev/null
Regards
Shibin
Muhammad Fakharuddin
Occasional Contributor

Re: Block system account

If i run the command given,is there any impact on the account?How to ensure the account has been block and how to check?
Shibin_2
Honored Contributor

Re: Block system account

Command usermod will change it's options such as shell, comment etc, depends on what attribute you are giving.

It will only be successful, if user is not logged in the system.

Alternatively, you can do vipw and change the shell to /dev/null .

When you logged in, in simple explanation, you can run / execute commands or can login, because you have valid shell. If you don't have valid shell, it won't be able to login.


Regards
Shibin
Muhammad Fakharuddin
Occasional Contributor

Re: Block system account

thanx for the explanation.By the way,what is the command to unblock back the system account?
Bill Hassell
Honored Contributor

Re: Block system account

These are not accounts, they are user IDs (as are all IDs in the passwd file) and your list shows mostly OS user IDs. The command:

# passwd -sa

Shows you the system logins and their status where LK = locked. These logins will have an invalid password so they can never be used as a login. Your list includes a few other logins like nobody4 so report the status with:

passwd -s nobody4

DO NOT enable system logins or change the shell or home directory. They are created for system usage and are never used as normal logins. That's why they in the LK state.


Bill Hassell, sysadmin
Muhammad Fakharuddin
Occasional Contributor

Re: Block system account

Hi all thanks for the info.
I have run the command and the result as below:

root PS
daemon LK
bin LK
sys LK
adm LK
uucp LK
lp LK
nuucp LK
hpdb LK
nobody LK
www LK
smbnull LK
sshd LK
iwww LK
owww LK
hpsmh LK
dpadmin LK
opc_op LK

Confirm all the System id were locked. It was raised because recently there was
penetration test carried out by external vendor and they purpose of assigning
/dev/null for these system acct to ensure this acct not being use by unauthorized person
(in case no password is set for the account) and also as a backdoor login for
a hacker (in case of system break â in).
(They called this sys account). Any diff between system account and user id?

We are not sure the impact and in any case if we want to revert back.
So BIll as your advise it is not recommended to assign /dev/null because we
should not change the shell for this userid?

Ismail Azad
Esteemed Contributor

Re: Block system account

Hi,

Most of these are accounts that are "priveleged" for subsystems within the operating system. They are used to support system applications and are also called as pseudo accounts. However, the nobody user access can be restricted by giving a UID of -1. When you talk about optional network features, /etc/protocols is owned by bin. Your /etc/services is owned by bin! You want to assign /dev/null to all these accounts? If certain pseudo accounts don't function the way they are supposed to , they will not support your system applications in the way they were supposed to.

Regards
Ismail Azad
Read, read and read... Then read again until you read "between the lines".....
Bill Hassell
Honored Contributor
Solution

Re: Block system account

> by external vendor and they purpose of assigning /dev/null for these system acct to ensure this acct not being use by unauthorized person.

The vendor appears to be only slightly familiar with Unix. It is impossible to login to a locked account. There is no password that will allow access in HP-UX. You can tell your manager that you'll follow their recommendations but before you do, the vendor must sign a paper accepting responsibility for downtime and troubleshooting time to repair problems that may occur. Usually this sort of agreement will cause the vendor to retract their recommendation.


Bill Hassell, sysadmin