Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 3 Nov 1999 10:25:37 -0600
From:      "Alejandro Ramirez" <ales@megared.net.mx>
To:        "FreeBSD Questions" <freebsd-questions@FreeBSD.ORG>, "Scott I. Remick" <scott@computeralt.com>
Subject:   RE: Deletable default accounts?
Message-ID:  <01e801bf2618$0feb1b40$bdc3fea9@megared.net.mx>
References:  <4.2.1.19991102120616.00af55d0@mail.computeralt.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hi,

    Most of this default accounts are for system use primarly, they are
disabled by default in 2 ways:

1.- They have the "/sbin/nologin" shell by default wich its for not to give
a login shell to this account.
2.- They are disabled by default, look in the /etc/master.passwd, and you
will find an "*" in the password field, this indicates that this or any
account having an "*" mark will never login. BTW this is usefull when you
want to disable a user account without deleting it, just run vipw and add a
"*" mark in to the password of the user, and when you want to re-enable this
user again, just remove the "*" mark from the password of the user.

    So I think it wouldnt be wise if you take this accounts out of your
system, they dont represent a security risk.

Greetings
Ales


----- Original Message -----
From: Scott I. Remick <scott@computeralt.com>
To: FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Sent: Tuesday, November 02, 1999 11:10 AM
Subject: Deletable default accounts?


> I'm setting up a new 3.3 system to be a dual-homed router/firewall.  It
> will only be running ssh2, ipfw, etc.  What default accounts can I safely
> remove to tighten security?
>
> toor, daemon, operator, bin, tty, kmem, games, news, man, bind, ucp, xten,
> pop, nobody
>
> I'm thinking that probably toor, games, news, bind, ucp, and pop can
> go.  I'm also thinking daemon, operator, and man cannot.  But I'm not
> certain.  Can someone enlighten me about all of them?  Thanks.
>
>
> -----------------------
> Scott I. Remick scott@computeralt.com
> Network and Information (802)388-7545 ext. 236
> Systems Manager FAX:(802)388-3697
> Computer Alternatives, Inc. http://www.computeralt.com
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01e801bf2618$0feb1b40$bdc3fea9>