PDA

View Full Version : What accounts can be removed?



n5red
08-Aug-2012, 19:40
I'm in the process of whittling down the accounts that are being created automatically during a system installation. This is for compliance reasons mostly, auditors want to see justification for every account that exists on the system. The system is a fairly basic install with ntp & named added. Here are the accounts I feel safe deleting to start with:

games
uucp
ftp
wwwrun
news

Are there any good reasons to not delete them? What other accounts are safe to delete?

n5red
08-Aug-2012, 23:13
And, interestingly enough the init script I wrote to delete these users seems to have run correctly, but the accounts were still there. I deleted them by hand and they did not reappear. Odd. Any ideas?

ab
09-Aug-2012, 05:44
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Good reasons to NOT delete them:

They do nothing unless they are being used. Most of these are service
accounts and, as such, have no passwords. The potential risk to
security, then, is pretty close to zero (it's hard to use an account for
which there is no login). The only non-authentication way to get into
these accounts is from the root user using 'su' or equivalent, but
that's hardly a problem.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJQI0A7AAoJEF+XTK08PnB5z4AP/3semNyQnUxe2CyVtQXrHE19
gySJXkrQnwc0Sfn7HW0WdUPZrFJyFLqSRskezIbTzx5VbH/Rf7NjN7BRERxBZLMD
QoRz/PfDH8iA/9V8hmxChkDKlMzZqJpd0BMrIhO1bKHmJWkjsxL7vZLg1wnpAUo W
Jrl1bHTg1c3FRVj2BRZgIBRmMoDEzuDhGuGOk1P+xXSyGBm9J2 1wscQshQ0jDYUq
I3s7btHfO7D52vQ+p2xnsn2a69RN/PMYpxAl7NEv4AqoklxjY9bLxvm+nnLHuQnq
QDLf5D4se+C2sbt2BNvSgbLmP5fp5u4eIeSgZn3lbU9DnIsObj AKMRh3KEJGM+rZ
xvgtSPlB20nfAgtcZcjdoufIJH63Okxx6fTuxP495NIw0A2yIi Qn4GZdJfJQt3b+
V7QsY9YrNDt4RDip+ec/X+GR7e4t/VC5tT4GNFD2CvBmDWKUiveOTNNX8CFCFqti
WiVYRnu6LSc2Ufx0yl4LjDnxuHigMzNkxtpVykym8P8WsmPQvU +heZm5LD8rQhTe
09tMhdVwjBpL/VoWZBYyPL3zE4sVnfEr6iejpJV5J+zGi34rvGzxHeI+y6IWQLG H
P7g9O8d3bWFd8CBol4LKnHoSYUHCwB2wZjhj4w+/FpVCqapgidOrGKV7Qzw7f9eS
8jcgschpNsHU+KBt79Pt
=RNVo
-----END PGP SIGNATURE-----