Preetam,

These system accounts (daemon, nobody, lp, bin, uucp etc.) are used to execute system functions that require special privileges, e.g. to access certain files or directories, but that do not require root privileges. These special users are associated with particular system functions rather than individual users. Different flavours have slightly different kinds of implementation.

To understand why these special accounts are in use, we can consider the example of the uucp (Unix to Unix CoPy) program. Except for legacy networks, uucp is not a widely used mail transmission mechanism now. UUCP is used for transferring files and mail between Unix systems connected by telephone lines. When one computer dials another it must first log in; instead of logging in as root, the remote computer logs in as uucp. The mail (or files) awaiting transmission to the remote machine is stored in directories that are readable only by the uucp user.

nobody - NFS anonymous access user
nobody4 - NFS4 anonymous access user
uucp - uucp admin
daemon - used for network utilities
bin, sys - for system files
lp - for line printer (or laser printer :-)) etc.

However I think some are maintained as they are for historical reasons, to keep legacy systems interacting well with more recent Linux systems.

HTH
Jose

-----Original Message-----
From: Preetam Ramakrishna [mailto:rpreetam@novell.com]
Sent: Friday, August 05, 2005 9:47 AM
To: suse-security@suse.com
Subject: [suse-security] nobody

Hi,

The system accounts like nobody, daemon, lp, etc on SUSE have a shell in the /etc/password file. Why is this required? These system accounts do not have a shell on other unix / linux systems.

Thanks,
Preetam

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@suse.com
Security-related bug reports go to security@suse.de, not here
Jose,

Thanks for the information. I understand the need for system accounts. But, I thought giving a shell to such accounts could be a security risk.

Thanks,
Preetam
<Jose_Thomas@Dell.com> 8/8/2005 10:09:18 AM >>>
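A way to check the question raised in this thread on a given host, as an added example that is not part of the original messages: the function lists system accounts whose passwd entry carries a login shell and, going one step beyond the thread, reports whether the matching shadow password is locked. The UID range, the list of non-login shells, the function names and the sample files are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): list system accounts whose passwd entry
# has a login shell, with the lock state of the matching shadow password.
# Assumption: system UIDs are 1..999 plus 65534 (nobody); pass uid_max to change.
audit_system_shells() {
    passwd_file=$1; shadow_file=${2:-}; uid_max=${3:-1000}
    awk -F: -v shadow="$shadow_file" -v max="$uid_max" '
    BEGIN {   # load name -> password field from the shadow file, if given
        if (shadow != "")
            while ((getline line < shadow) > 0) { split(line, f, ":"); hash[f[1]] = f[2] }
    }
    /^[#+-]/ || NF < 7 { next }                        # comments, NIS markers, short lines
    !(($3 > 0 && $3 < max) || $3 == 65534) { next }    # skip root and ordinary users
    {
        shell = ($7 == "") ? "/bin/sh" : $7            # empty field defaults to /bin/sh
        if (shell ~ /\/(nologin|false)$/) next         # already non-interactive
        pw = $2; state = ""
        if (pw == "x") { if ($1 in hash) pw = hash[$1]; else state = "unknown" }
        if (state == "")
            state = (pw == "") ? "EMPTY-PASSWORD" : ((pw ~ /^[!*]/) ? "locked" : "PASSWORD-SET")
        printf "%s uid=%s shell=%s password=%s\n", $1, $3, shell, state
    }' "$passwd_file"
}

# Constructed sample data (not from a real host).
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:Daemon:/sbin:/bin/bash
lp:x:4:7:Printing daemon:/var/spool/lpd:
uucp:x:10:14:Unix-to-Unix CoPy system:/etc/uucp:/bin/bash
nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/bash
ftp:x:40:49:FTP account:/srv/ftp:/sbin/nologin
jose:x:1000:100:Jose:/home/jose:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
daemon:*:13000::::::
lp:!:13000::::::
uucp:$2a$10$constructedhashvalue:13000::::::
nobody:*:13000::::::
EOF
}

# Stand-alone use: sh audit.sh /etc/passwd /etc/shadow   (shadow needs root)
if [ "$#" -ge 1 ]; then audit_system_shells "$@"; fi
```

An account reported as `locked` cannot log in with a password even though it has a shell; `PASSWORD-SET` or `EMPTY-PASSWORD` on a system account is the combination to review first.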