On Fri, Apr 16, 2004 at 01:16:17PM +0200, Paolo Consiglio wrote:
>
> Hi everybody,
> I was looking into Fedora and I see a lot of user-id defined into
> /etc/passwd file,
> such as ftp, usr, and so on. It seems to me they don't have access to
> shell,
> but I wonder if that could be a problem for internet security...
> Maybe can I delete them and leave only root and the standard users
> without having any kind of problem?

Leave them.

Make sure that all the lines in your passwd file have a good password
assigned or are locked accounts. (Example: "passwd -l ftp"; also see: "pwck".)

Many of these passwd lines exist to give a safe user context for a
famous activity or to label the files associated with that activity.

By having these accounts, interesting processes like "ftp; httpd" need not
run as root and are thus a little less of a risk, i.e. security is improved.

Note that when "rpm" installs a package, some files have specific user
and group contexts associated with them. Without these user accounts
(contexts) in the passwd and group files, the files will be given a
different ownership that may not be desired.

What you do want to do is inspect the list of services you have turned
on. The first step in doing this is a check to see what is on and off:

    chkconfig --list
    service --status-all

One by one, read the documentation (man, info) or search the redhat
documentation pages for the purpose and function of each. Leave on the
ones you understand and leave the others off. Keep a notebook that
reflects the changes you make so you can turn them back on if you
later need or want them.

-- 
T o m M i t c h e l l
/dev/null the ultimate in secure storage.
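
Added example, not part of the original message: one way to carry out the "good password or locked" check above is to classify every passwd entry by the state of its password field. The function names, the state labels and the sample data are assumptions made for this sketch, and the sample files are constructed; run it as root with /etc/passwd and /etc/shadow as arguments to audit a real system.

```shell
#!/bin/sh
# audit_accounts PASSWD_FILE SHADOW_FILE
# Prints "<user> <state> <shell>" per passwd entry, where state is:
#   LOCKED    password field starts with "!" or "*" (e.g. after "passwd -l")
#   PASSWORD  a hash is set (its strength cannot be judged from the file)
#   EMPTY     empty password field: no password is required
#   MISSING   passwd says "x" but there is no shadow entry (pwck reports this too)
audit_accounts() {
    awk -F: '
        FILENAME == ARGV[1] { hash[$1] = $2; has[$1] = 1; next }  # shadow file
        NF < 7 { next }                                           # malformed line
        {
            if ($2 != "x")         field = $2          # password kept in passwd
            else if ($1 in has)    field = hash[$1]
            else                   { print $1, "MISSING", $7; next }
            if (field == "")            state = "EMPTY"
            else if (field ~ /^[!*]/)   state = "LOCKED"
            else                        state = "PASSWORD"
            print $1, state, $7
        }' "$2" "$1"
}

# needs_attention PASSWD_FILE SHADOW_FILE: only the accounts to fix.
needs_attention() {
    audit_accounts "$1" "$2" | awk '$2 == "EMPTY" || $2 == "MISSING" { print $1 }'
}

# write_sample DIR: constructed sample files, not taken from a real system.
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
paolo:x:500:500::/home/paolo:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:$1$CONSTRUCTED$notarealhashvalue000000:12500:0:99999:7:::
ftp:*:12500:0:99999:7:::
apache:!!:12500:0:99999:7:::
games::12500:0:99999:7:::
EOF
}

if [ "$#" -eq 2 ]; then
    audit_accounts "$1" "$2"
fi
```

On the constructed sample, "games" is reported as EMPTY and "paolo" as MISSING; locking the first with "passwd -l" moves it to LOCKED without removing the account that owns its files.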