Monday, 27 June 2011

System user accounts



Traditionally, UNIX has come with a default set of system user accounts to
prevent root and system from owning all system filesystems and files. As such it is never recommended to remove the account but rather set an asterick in the /etc/security/passwd for all except root. This document describes the default set of user accounts.


Description of accounts

·         root

        Commonly called the superuser (UID 0), this is the account that system
administrators log into to perform system maintenance and problem determination.

·         daemon

A user used to execute system server processes. This user only exists to own these processes (and the associated files) and to guarantee that they execute with appropriate file access permissions.

·         bin

A second system account used primarily to break up owners of important system directories and files from being solely owned by root and system. This account typically owns the executable files for most user commands.

·         sys

sys user owns the default mounting point for the Distributed File Service (DFS) cache which is necessary before installation and configuration of DFS on a client. /usr/sys directory can also be used to put install images.

·         adm

The adm user in the /etc/passwd is basically responsible for two system functions:

        1. ownership of diagnostic tools, as evidenced by the directory
               /usr/sbin/perf/diag_tool/

        2. accounting, as evidenced by System Accounting Directories:
        /usr/sbin/acct
        /usr/lib/acct
        /var/adm
        /var/adm/acct/fiscal
        /var/adm/acct/nite
        /var/adm/acct/sum





·         guest

Many computer centers provide accounts for visitors to play games while they wait for an appointment, or to allow them to use a modem or network connection to contact their own computer. Typically, these accounts have names like open, guest, or play.

·         nobody

An account used by the Network File System (NFS) product, and to enable remote printing nobody exists when a program needs to permit temporary root access to root users. For example, before turning on Secure RPC or Secure NFS, check /etc/public key on the master NIS server to see if every user has been assigned a public key and a secret key. You can create an entry in the database for a user by becoming the superuser and entering:

        newkey -u username

You can also create an entry in the database for the special user, nobody. Users can now run the chkey program to create their own entries in the database.


·         uucp

UUCP is a system for transferring files and electronic mail between UNIX computers connected by telephone. When one computer dials to another computer, it must log in. Instead of logging in as root, the remote computer logs in as uucp. Electronic mail that is awaiting transmission to the remote machine is stored in directories that are readable only by the uucp user so that other users on the computer cannot read each other's personal mail.

No comments:

Post a Comment