HPE Community
Operating System - HP-UX
1836569 Members
1801 Online
110102 Solutions
New Discussion

Re: Disabling Default User Profiles

 
James Lim_1
New Member

‎04-22-2003 10:37 PM

‎04-22-2003 10:37 PM

Disabling Default User Profiles

Hello,

Ok straight question: Would there be an adverse effect if default user profiles (e.g., uucp, nuucp, sys, adm, www, & nobody)were to be disabled. I know default profiles are pseudo-accounts because they own system files, but would disabling them also disable the functions connected with them. For example: If UUCP and DAEMON were to be disabled would this also disable the services connected with them.

Wouldn't it be possible to give say the System Administrator's user profile the same capabilities as the default users. I'm asking because my resource materials isn't too clear on this.

Second question: in an untrusted system if an asterisk appears on the password field, does this mean that profile is disabled? Because in a trusted system all users have an * in the password field.

THANKS. I HOPE I HAVEN'T ASKED TOO MANY QUESTIONS. =)
asking is learning, no matter how dumb.
0 Kudos
Reply
3 REPLIES 3
Michael Tully
Honored Contributor

‎04-22-2003 10:43 PM

‎04-22-2003 10:43 PM

Re: Disabling Default User Profiles

No disabling these accounts are fine. This will not affect any background daemons or services.

I would not use the same .profile for root as other users. The best way is to restict users as much as possible, and only give them what they really need. No need to open security holes etc for people who don't need things right ..? Use the default .profile provided by the system. (/etc/skel/.profile)
Yes, having a '*' instead of the encrypted password, does not allow that user to login on a non-trusted system.

HTH
Michael
BTW Asking questions is how we all learn and that is what this forum is all about, sharing and learning....
Anyone for a Mutiny ?
0 Kudos
Reply
V. V. Ravi Kumar_1
Respected Contributor

‎04-22-2003 10:58 PM

‎04-22-2003 10:58 PM

Re: Disabling Default User Profiles

hi,
1. No there will not be any problem. even u can remove the following accounts for security reasons.
www, uucp, nuucp, hpdb, daemon, webadmin, smbnull

2. In a trusted system encrypted passwords are moved to protected password database /tcb/files/auth/. and in the /etc/passwd file a * will be placed in the password field. In an untrusted system * in the /etc/passwd file indicates the user account is locked.

Regards
Never Say No
0 Kudos
Reply
Michael Tully
Honored Contributor

‎04-22-2003 11:04 PM

‎04-22-2003 11:04 PM

Re: Disabling Default User Profiles

Just as a side note, you can use 'passwd -l to disable an account. This will save you actually editing the /etc/passwd file (always fraught with danger)
Anyone for a Mutiny ?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.