On Fri, Feb 20, 2004 at 11:51:03PM +0800, meimi wrote:
> I have read some document about server hardening. It suggests removing
> the following users:
> operator, games, news, uucp
> and the following groups:
> operator, staff
> I can guess that games is used for playing and news is used for reading
> news in news groups. How about the others? Their descriptions in passwd are
> not clear.
> Am I safe to remove them in a normal server environment (web, mail, ftp,
> DNS, SSH)?

You can certainly remove those users and groups, but it's unlikely to gain you very much and quite likely to cause you some problems. It will certainly make it harder for you to do routine updates on your system, possibly including some security patches.

So long as you don't alter the entries in the master.passwd and group files for those entities, you're pretty safe. Those IDs exist mostly to be the owners of various files: note that the shell has been set to /sbin/nologin and the password for those accounts has been locked and that they have no special privileges despite the low UID and GID numbers -- as such they are rather less dangerous than the account you use to log in via.

All in all, I wouldn't bother touching those accounts.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey
Tel: +44 1628 476614
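
The check described in the reply above (password field locked and shell set to nologin), as an added example that is not part of the original message. The function names and the sample entries are constructed for illustration; the sample deliberately gives `news` a login shell and omits `uucp` to show the failure cases.

```shell
#!/bin/sh
# Audit system accounts in a master.passwd-format file (10 colon-separated
# fields: name:password:uid:gid:class:change:expire:gecos:home:shell).
# An account is "ok" when its password field is locked AND its shell is nologin.

audit_accounts() {
    # $1 = master.passwd-format file, remaining arguments = account names
    file=$1; shift
    for name in "$@"; do
        awk -F: -v n="$name" '
            /^#/ { next }
            $1 == n {
                found = 1
                # "*" holds no valid hash; "pw lock" prefixes "*LOCKED*"
                locked  = ($2 == "*" || index($2, "*LOCKED*") == 1)
                nologin = ($10 ~ /\/nologin$/)
                if (locked && nologin) print n, "ok"
                else if (!locked)      print n, "RISK: password field not locked"
                else                   print n, "RISK: login shell " $10
            }
            END { if (!found) print n, "missing" }
        ' "$file"
    done
}

# Constructed sample data, not copied from any real system.
sample_passwd() {
    cat <<'EOF'
# constructed master.passwd sample
operator:*:2:5::0:0:System &:/:/sbin/nologin
games:*:7:13::0:0:Games pseudo-user:/usr/games:/sbin/nologin
news:*:8:8::0:0:News Subsystem:/:/bin/sh
EOF
}

tmp=$(mktemp)
sample_passwd > "$tmp"
audit_accounts "$tmp" operator games news uucp
rm -f "$tmp"
```

On a live system, run `audit_accounts /etc/master.passwd operator games news uucp` as root, since master.passwd is not world-readable.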