
Unix default users

 
Gamaliel
Frequent Advisor

Unix default users

Hi Bodies,

I'm having security compliance observations... one is about the users that exist by default on Unix and their secureness, so the question is:
Where can I find information about the users that exist by default on Unix, and what are the best practices for their management?

Thanks,
5 REPLIES
James R. Ferguson
Acclaimed Contributor

Re: Unix default users

Hi:

I suspect that you are asking about accounts like 'bin', 'sys', 'daemon', 'adm', 'uucp', 'lp', 'nobody'. These are used for daemon processes and to provide some degree of granular security for subsystems like printing and NFS. You will note that the password associated with these accounts is an asterisk ("*"), which means that direct login is not allowed. Hence, tell your auditors to look elsewhere :-)

Regards!

...JRF...
Gamaliel
Frequent Advisor

Re: Unix default users

Hi James,

Maybe I'll sound so silly, but...

I think all the passwords are marked as * because the server is configured in trusted mode, isn't it? The users daemon, bin, sys, adm, lp, hpdb, www, webadmin, sshd can't connect because they have /usr/bin/false as their starting shell. I have other users such as uucp, nuucp, smbnull, iwww, owww, mysql that seem to be default users... anyway, what do they stand for? Any documentation?
whiteknight
Honored Contributor

Re: Unix default users

Jo,

refer to this http://docs.hp.com/en/B2355-90950/ch08s03.html

Eliminating Pseudo-Accounts and Protecting Key Subsystems

By tradition, the /etc/passwd file contains numerous "pseudo-accounts", entries not associated with individual users and which do not have true interactive login shells.

WK
Problem never ends, you must know how to fix it
TTr
Honored Contributor

Re: Unix default users

I would not touch any of the daemon, bin, sys, adm, lp, nobody. They are traditional system accounts and some critical system areas have these as owners or their associated group id as group owner.

uucp, nuucp: Unless you are using uucp (which I have not seen anyone using since the 1980s) you can remove these accounts.

hpdb: Can be deleted. It was a default user for an old HP database (I can't remember its name)

ssh: Used by the sshd service

www, iwww, owww: Used by hpws (HP Web Services). Even if you don't run any of the hpws services (hpadmin etc.) you should leave these alone. They may be needed down the line or during a patch install, upgrade, etc.

smbnull: Used by SAMBA (aka CIFS). If you don't run SAMBA the account can be deleted.

mysql: Used by the OpenSQL. It can be deleted if you don't use the openSQL.

tftp: Should be deleted. And keep looking because it gets added back every time you install a new version of igniteUX.

When you clean up your server you should also look into all the installed software and swremove some of those as well. Some of the accounts, if removed, have installed software that could also be removed.
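
A way to check what the replies above describe, as an added example that is not part of any post in this thread: the script reads a passwd-format file and reports, for the accounts named in the thread, whether the password field is "*" and whether the shell is a non-login one such as /usr/bin/false. The function names, the sample entries and the extra shells /bin/false and /sbin/nologin are assumptions.

```shell
#!/bin/sh
# Pseudo-accounts named in the replies above.
DEFAULT_ACCOUNTS="daemon bin sys adm lp nobody uucp nuucp hpdb sshd www iwww owww webadmin smbnull mysql tftp"

# audit_default_accounts FILE  (FILE is in /etc/passwd format)
# Prints "verdict name password-state shell-state" for each listed account.
audit_default_accounts() {
    awk -F: -v list="$DEFAULT_ACCOUNTS" '
    BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
    /^#/ || NF < 7 || !($1 in want) { next }
    {
        pw = ($2 == "*") ? "pw=*" : ($2 == "" ? "pw=EMPTY" : "pw=set")
        # /bin/false and /sbin/nologin are assumed equivalents of /usr/bin/false.
        nosh = ($7 == "/usr/bin/false" || $7 == "/bin/false" || $7 == "/sbin/nologin")
        sh = nosh ? "shell=none" : "shell=" ($7 == "" ? "default" : $7)
        # "*" alone is not treated as conclusive: as raised in the thread, a
        # trusted-mode system shows "*" for every account, so the shell is
        # checked as well.
        if ($2 == "") v = "FAIL"
        else if ($2 == "*" && nosh) v = "OK"
        else v = "REVIEW"
        print v, $1, pw, sh
    }' "$1"
}

# Constructed sample data (not taken from a real system).
write_sample_passwd() {
    cat > "$1" <<'EOF'
root:*:0:3::/:/sbin/sh
daemon:*:1:5::/:/usr/bin/false
bin:*:2:2::/usr/bin:/usr/bin/false
uucp:*:5:3::/var/spool/uucppublic:/usr/lbin/uucp/uucico
tftp::510:1:Trivial FTP user:/home/tftp:/usr/bin/false
mysql:*:102:102::/var/mysql:/bin/sh
jdoe:*:1001:20::/home/jdoe:/usr/bin/ksh
EOF
}

demo() {
    tmp=$(mktemp) || return 1
    write_sample_passwd "$tmp"
    audit_default_accounts "$tmp"
    rm -f "$tmp"
}
demo
```

On a live system the function would be pointed at /etc/passwd; REVIEW lines are the accounts to compare against the installed software before deciding to keep, lock or remove them.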
Gamaliel
Frequent Advisor

Re: Unix default users

Thank you all, your comments were helpful as always.

JSG