> > I would not delete them. A normal user, e.g., has to > be member of the group staff to su to root, etc.
It is group wheel they need to be in. I suppose someone might have made staff work too, but wheel is the biggie. ////jerry > > Cheers Tom > > > On Fri, Feb 20, 2004 at 11:51:03PM +0800, meimi wrote: > > > >> I have read some document about server hardening. It suggests me > >> removing > >> the following users: > >> operator, games, news, uucp > >> and following groups: > >> operator, staff > >> I can guess that games is used for playing and news is used for > >> reading > >> news in news group. How about the other? Their descriptions in passwd > >> are > >> not clear. > >> Am I safe to remove them in normal server environment (web, mail, ftp, > >> DNS, SSH)? > > > > You can certainly remove those users and groups, but it's unlikely to > > gain you very much and quite likely to cause you some problems. It > > will certainly make it harder for you to do routine updates on your > > system, possibly including some security patches. > > > > So long as you don't alter the entries in the master.passwd and group > > files for those entities, you're pretty safe. Those IDs exist mostly > > to be the owners of various files: note that the shell has been set to > > /sbin/nologin and the password for those accounts has been locked and > > that they have no special privileges despite the low UID and GID > > numbers -- as such they are rather less dangerous than the account you > > use to log in via. > > > > All in all, I wouldn't bother touching those accounts. > > > > Cheers, > > > > Matthew > > > > -- > > Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks > > Savill Way > > PGP: http://www.infracaninophile.co.uk/pgpkey Marlow > > Tel: +44 1628 476614 Bucks., SL7 1TH UK > > > > _______________________________________________ > [EMAIL PROTECTED] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" > _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
