[SLE] All those users in passwd
When I look at the /etc/passwd file there are a lot of users such as irc, named, fnet, etc... Are they security holes? If they are, which ones can I remove? Sam -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
if you aren't running the services. kill the user and it will cause no problem. ryan -~->-----Original Message----- -~->From: Sam Carleton [mailto:activex1@one.net] -~->Sent: Thursday, January 06, 2000 3:52 PM -~->To: SuSE -~->Subject: [SLE] All those users in passwd -~-> -~-> -~->When I look at the /etc/passwd file there are a lot of users such as -~->irc, named, fnet, etc... Are they security holes? If they are, which -~->ones can I remove? -~-> -~->Sam -~-> -~-> -~->-- -~->To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com -~->For additional commands send e-mail to -~->suse-linux-e-help@suse.com -~->Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/ -~-> -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
On Thu, 06 Jan 2000, Sam Carleton wrote:
When I look at the /etc/passwd file there are a lot of users such as irc, named, fnet, etc... Are they security holes? If they are, which ones can I remove?
Those users are for use by daemons of the same name, so as to *not* create security holes by running the services as `root'. A stroke of genius on the developers' respective parts :). Those users have no login privilages, and are only allowed to run the services that they own, not even simple tools like `ls'. -- -=|JP|=- Jon Pennington | Atipa Linux Solutions -o) jpennington@atipa.com | http://www.atipa.com /\\ Kansas City, MO, USA | 816-241-2641 _\_V -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Jon Pennington wrote:
On Thu, 06 Jan 2000, Sam Carleton wrote:
When I look at the /etc/passwd file there are a lot of users such as irc, named, fnet, etc... Are they security holes? If they are, which ones can I remove?
Those users are for use by daemons of the same name, so as to *not* create security holes by running the services as `root'. A stroke of genius on the developers' respective parts :). Those users have no login privilages, and are only allowed to run the services that they own, not even simple tools like `ls'.
Alas, I deleted most of them. Is there a way to restore them that you know of, given that I don't even know what needs to be restored or what attributes those users should have? Paul -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
"Paul W. Abrahams" wrote:
Jon Pennington wrote:
On Thu, 06 Jan 2000, Sam Carleton wrote:
When I look at the /etc/passwd file there are a lot of users such as irc, named, fnet, etc... Are they security holes? If they are, which ones can I remove?
Those users are for use by daemons of the same name, so as to *not* create security holes by running the services as `root'. A stroke of genius on the developers' respective parts :). Those users have no login privilages, and are only allowed to run the services that they own, not even simple tools like `ls'.
Alas, I deleted most of them. Is there a way to restore them that you know of, given that I don't even know what needs to be restored or what attributes those users should have?
I think they are created by installing the assosiated software package. If not, they must be installed all together with some other package, assumingly with the base series. Juergen -- =========================================== __ _ Juergen Braukmann juergen.braukmann@gmx.de| -o)/ / (_)__ __ ____ __ Tel: 0201-743648 dk4jb@db0qs.#nrw.deu.eu | /\\ /__/ / _ \/ // /\ \/ / ===========================================_\_v __/_/_//_/\_,_/ /_/\_\ -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Hi, On Thu, Jan 06, 2000 at 17:41 -0600, Jon Pennington wrote:
developers' respective parts :). Those users have no login privilages, and are only allowed to run the services that they own, not even simple tools like `ls'.
Hmm, not quite correct: [sttr]/home/sttr> l /bin/ls -rwxr-xr-x 1 root root 52292 Nov 8 20:51 /bin/ls* Anyone can run ls. It's more important that those users, unlike root, don't have write permissions everywhere. Ciao, Stefan -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
On Fri, 07 Jan 2000, Stefan Troeger wrote:
Hi,
On Thu, Jan 06, 2000 at 17:41 -0600, Jon Pennington wrote:
developers' respective parts :). Those users have no login privilages, and are only allowed to run the services that they own, not even simple tools like `ls'.
Hmm, not quite correct:
[sttr]/home/sttr> l /bin/ls -rwxr-xr-x 1 root root 52292 Nov 8 20:51 /bin/ls*
Anyone can run ls. It's more important that those users, unlike root, don't have write permissions everywhere.
Thanks for the correction. Comment withdrawn. -- -=|JP|=- Jon Pennington | Atipa Linux Solutions -o) jpennington@atipa.com | http://www.atipa.com /\\ Kansas City, MO, USA | 816-241-2641 _\_V -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
participants (6)
-
abrahams@mbs.valinet.com -
activex1@one.net -
jpennington@atipa.com -
juergen.braukmann@ruhr-west.de -
ryagatich@csn1.com -
sttr@sttr.de