From owner-freebsd-questions Wed Nov 3 8:27:35 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from unix.megared.net.mx (megamail.megared.com.mx [207.249.162.252])
    by hub.freebsd.org (Postfix) with ESMTP id 40E9714D86
    for ; Wed, 3 Nov 1999 08:27:25 -0800 (PST)
    (envelope-from ales@megared.net.mx)
Received: from ales (pix.megared.net.mx [207.249.162.253] (may be forged))
    by unix.megared.net.mx (8.9.3/8.9.3) with SMTP id KAA46346;
    Wed, 3 Nov 1999 10:27:56 -0600 (CST)
    (envelope-from ales@megared.net.mx)
Message-ID: <01e801bf2618$0feb1b40$bdc3fea9@megared.net.mx>
Reply-To: "Alejandro Ramirez"
From: "Alejandro Ramirez"
To: "FreeBSD Questions" , "Scott I. Remick"
References: <4.2.1.19991102120616.00af55d0@mail.computeralt.com>
Subject: RE: Deletable default accounts?
Date: Wed, 3 Nov 1999 10:25:37 -0600
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2014.211
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2014.211
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi,

Most of these default accounts are primarily for system use; they are disabled by default in 2 ways:

1.- They have the "/sbin/nologin" shell by default, which is for not giving a login shell to this account.

2.- They are disabled by default: look in /etc/master.passwd and you will find an "*" in the password field; this indicates that this or any account having an "*" mark will never log in.

BTW this is useful when you want to disable a user account without deleting it: just run vipw and add a "*" mark to the password of the user, and when you want to re-enable this user again, just remove the "*" mark from the password of the user.

So I think it wouldn't be wise to take these accounts out of your system; they don't represent a security risk.

Greetings
Ales

----- Original Message -----
From: Scott I. Remick
To: FreeBSD Questions
Sent: Tuesday, November 02, 1999 11:10 AM
Subject: Deletable default accounts?

> I'm setting up a new 3.3 system to be a dual-homed router/firewall. It
> will only be running ssh2, ipfw, etc. What default accounts can I safely
> remove to tighten security?
>
> toor, daemon, operator, bin, tty, kmem, games, news, man, bind, ucp, xten,
> pop, nobody
>
> I'm thinking that probably toor, games, news, bind, ucp, and pop can
> go. I'm also thinking daemon, operator, and man cannot. But I'm not
> certain. Can someone enlighten me about all of them? Thanks.
>
>
> -----------------------
> Scott I. Remick               scott@computeralt.com
> Network and Information       (802)388-7545 ext. 236
> Systems Manager               FAX:(802)388-3697
> Computer Alternatives, Inc.   http://www.computeralt.com
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
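
The two checks described in the reply above, as an added example that is not part of the original thread: a small sh/awk audit that reads master.passwd-format lines and reports, per account, whether the password field starts with "*" and whether the shell is nologin. The function names and the sample accounts are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit master.passwd(5)-format lines for the two checks above.
# Fields: name:password:uid:gid:class:change:expire:gecos:home:shell

# Constructed sample data (not copied from a real system).
sample_master_passwd() {
cat <<'EOF'
root:$1$constructed$hash:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
operator:*:2:5::0:0:System &:/:/sbin/nologin
games:*:7:13::0:0:Games pseudo-user:/usr/games:/sbin/nologin
alice:$1$constructed$hash2:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:*$1$constructed$hash3:1002:1002::0:0:Bob (disabled with vipw):/home/bob:/bin/sh
EOF
}

# audit_accounts [file ...]  (reads stdin when no file is given)
audit_accounts() {
    awk -F: '
        /^#/ || NF != 10 { next }    # skip comments and malformed lines
        {
            # A leading "*" means no typed password can ever match the field.
            if ($2 == "")                     pw = "EMPTY"
            else if (substr($2, 1, 1) == "*") pw = "locked"
            else                              pw = "set"
            # An empty shell field falls back to the default shell.
            sh = ($10 ~ /\/nologin$/) ? "nologin" : "login"
            if (pw == "locked" && sh == "nologin") by = "password+shell"
            else if (pw == "locked")               by = "password"
            else if (sh == "nologin")              by = "shell"
            else                                   by = "none"
            printf "%s uid=%s password=%s shell=%s disabled_by=%s\n", $1, $3, pw, sh, by
        }
    ' "$@"
}

# On a real system (as root): audit_accounts /etc/master.passwd
sample_master_passwd | audit_accounts
```

Accounts reported with `disabled_by=none` are the ones to review on a router/firewall; the two mechanisms are reported separately because each account can have either one without the other.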