cancel
Showing results for 
Search instead for 
Did you mean: 

Disable system userid???

 
Highlighted
Occasional Contributor

Disable system userid???

Hi,

The auditor requested us to disable or remove the access to the shell for the following users:
1. bin
2. daemon
3. sys
4. uucp
5. ip
6. nuucp

Can I do that and how? will it be affecting the system after i dsiable these users?

Thanks for your advices.

Regards,
Oee
4 REPLIES 4
Highlighted
Trusted Contributor

Re: Disable system userid???

passwd -l

Will lock the user's login.

All the logins in your list are usually locked by default.

passwd -s to see the status.

I've no experience of what might break if you change the default shell for these admin type users. But you could experiment if you have a suitable test platform - be prepared to boot to single user if it gets out of hand.

uucp and nuucp usually have a special shell /usr/lbin/uucp/uucico; so it may not be a good idea to mess with them if you use uucp (does anyone still use uucp?)

Highlighted
Honored Contributor

Re: Disable system userid???

DO not remove these user IDs. The auditors cannot login to any of these user IDs -- they were disabled when your system was installed and unless someone changed these logins, they are still disabled. You can take the extra steps to lock the user IDs with the passwd command and change the login shell to /usr/bin/false.

These are special user IDs and no one will ever login to them. But they represent system ownership of specific files. Removing them may be detrimental to your system.


Bill Hassell, sysadmin
Highlighted
Trusted Contributor

Re: Disable system userid???

Hi,

please dont remove or disable these system generated users.

for the audit point of view these user accounts increase the likelihood of compromise by providing attackers with more user accounts to check for security holes.

Better idea to change their login shell by /usr/bin/false or /dev/null or /bin/false and finally cross check /etc/passwd file for changes. Now these users will not be able to get any shell in the system for normal operation.
Highlighted
Honored Contributor

Re: Disable system userid???

They are special and already must be disabled, if you want to see if they are locked;
# passwd -a -s

Thus who is locked or PS (PS means normal pwd account) will be shown.