Operating System - HP-UX
1833827 Members
2182 Online
110063 Solutions
New Discussion

Re: Disabling Default User Profiles

 
James Lim_1
New Member

Disabling Default User Profiles

Hello,

Ok straight question: Would there be an adverse effect if default user profiles (e.g., uucp, nuucp, sys, adm, www, & nobody)were to be disabled. I know default profiles are pseudo-accounts because they own system files, but would disabling them also disable the functions connected with them. For example: If UUCP and DAEMON were to be disabled would this also disable the services connected with them.

Wouldn't it be possible to give say the System Administrator's user profile the same capabilities as the default users. I'm asking because my resource materials isn't too clear on this.

Second question: in an untrusted system if an asterisk appears on the password field, does this mean that profile is disabled? Because in a trusted system all users have an * in the password field.

THANKS. I HOPE I HAVEN'T ASKED TOO MANY QUESTIONS. =)
asking is learning, no matter how dumb.
3 REPLIES 3
Michael Tully
Honored Contributor

Re: Disabling Default User Profiles

No disabling these accounts are fine. This will not affect any background daemons or services.

I would not use the same .profile for root as other users. The best way is to restict users as much as possible, and only give them what they really need. No need to open security holes etc for people who don't need things right ..? Use the default .profile provided by the system. (/etc/skel/.profile)
Yes, having a '*' instead of the encrypted password, does not allow that user to login on a non-trusted system.

HTH
Michael
BTW Asking questions is how we all learn and that is what this forum is all about, sharing and learning....
Anyone for a Mutiny ?
V. V. Ravi Kumar_1
Respected Contributor

Re: Disabling Default User Profiles

hi,
1. No there will not be any problem. even u can remove the following accounts for security reasons.
www, uucp, nuucp, hpdb, daemon, webadmin, smbnull

2. In a trusted system encrypted passwords are moved to protected password database /tcb/files/auth/. and in the /etc/passwd file a * will be placed in the password field. In an untrusted system * in the /etc/passwd file indicates the user account is locked.

Regards
Never Say No
Michael Tully
Honored Contributor

Re: Disabling Default User Profiles

Just as a side note, you can use 'passwd -l to disable an account. This will save you actually editing the /etc/passwd file (always fraught with danger)
Anyone for a Mutiny ?