12.1.12.1 Are all system users necessary?

Debian comes with some predefined users (user id (UID) < 99, as described in Debian Policy or /usr/share/doc/base-passwd/README) to ease the installation of some services that require that they run under an appropriate user/UID. If you do not intend to install new services, you can safely remove those users who do not own any files in your system and do not run any services. In any case, the default behavior is that UIDs from 0 to 99 are reserved in Debian, and UIDs from 100 to 999 are created by packages on install (and deleted when the package is purged).

To easily find users who don't own any files, execute the following command (run it as root, since a common user might not have enough permissions to go through some sensitive directories):

    cut -f 1 -d : /etc/passwd | \
    while read i; do find / -user "$i" | grep -q . || echo "$i"; done

Look in the base-passwd documentation for more information on how these users are handled in Debian. The list of default users (with a corresponding group) follows:

daemon: Some unprivileged daemons that need to write to files on disk run as daemon.daemon (e.g., portmap, atd, probably others). Daemons that don't need to own any files can run as nobody.nogroup instead, and more complex or security conscious daemons run as dedicated users. The daemon user is also handy for locally installed daemons.

sys: /dev/vcs* and /var/spool/cups are owned by group sys.

sync: The shell of user sync is /bin/sync. Thus, if its password is set to something easy to guess (such as ""), anyone can sync the system at the console even if they don't have an account.

games: Many games are SETGID to games so they can write their high score files.

man: The man program (sometimes) runs as user man, so it can write cat pages to /var/cache/man.

mail: Mailboxes in /var/mail are owned by group mail, as explained in policy.
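As an added example (not the manual's own command), the "who owns no files" check above generalised into a small POSIX shell function: accounts are read from a passwd file you name and matched by numeric UID, so it can also be pointed at a copied passwd file and an offline mounted root, and each hit is tagged with the UID range the text describes (0-99 reserved, 100-999 package-created). The function names and the sample passwd entries are assumptions.

```shell
#!/bin/sh
# Added example, not the manual's own command: generalises the "which users own
# no files" check. Accounts are read from a passwd file you name (assumption:
# it may be a copy from another system) and matched by numeric UID, so the
# sweep also works on an offline mounted root. Run as root for a full sweep.

# classify_uid UID -> reserved | package | user, per the Debian ranges above
classify_uid() {
    if [ "$1" -le 99 ]; then
        echo reserved          # 0-99: shipped with the base system
    elif [ "$1" -le 999 ]; then
        echo package           # 100-999: created by a package on install
    else
        echo user              # 1000+: ordinary accounts
    fi
}

# owns_files UID ROOT -> exit 0 if at least one file under ROOT belongs to UID.
# -user accepts a numeric UID (POSIX), so UIDs absent from the running
# system's /etc/passwd still resolve; -quit stops at the first match.
owns_files() {
    find "$2" -user "$1" -print -quit 2>/dev/null | grep -q .
}

# unowned_users PASSWD ROOT -> one "name:uid:class" line per account that owns
# nothing under ROOT; these are the removal candidates the text describes
# (after also confirming that no service runs as them).
unowned_users() {
    while IFS=: read -r name _pw uid _rest; do
        [ -n "$name" ] || continue
        if ! owns_files "$uid" "$2"; then
            printf '%s:%s:%s\n' "$name" "$uid" "$(classify_uid "$uid")"
        fi
    done < "$1"
}

# Stand-alone use: sweep the live system (as root).
# unowned_users /etc/passwd /
```

Pass a copied passwd file and a mount point to audit a disk image without booting it.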