Mike Mueller <mjm-58@mindspring.com> [2002-09-14 17:45:03 -0400]:
> Why does my 2.2r6 system need a user called bin?
> $ find / -user bin -ls
> yields no files owned by bin

Prior to the introduction of NFS the typical owner of files in /bin, /usr/bin, etc. was the 'bin' user for UNIX systems. This predates Debian. The 'bin' user was a non-root and non-anyother user. If you were to look at commercial systems such as hpux, aix, etc. you would find that they still ship /bin files owned by the 'bin' user even today. Changing the uid of the directories which contain system files to 'root' is one of the common security hardening steps needed when implementing one of those systems as an NFS server.

NFS changed the world overnight. NFS only implements root-squash, the conversion of a privileged id into a non-privileged id, for root. It does not do this for other users such as 'bin'. Therefore on a system which might run NFS it was needed to convert the user to 'root' which is protected across NFS. It turns out that 'root' is the only safe owner of files over NFS.

Debian currently ships a password file that contains most of the traditional UNIX accounts such as 'bin'. They are there because they were always there. Removing them might in some way cause the system to be less useful. They take up such a small amount of resource as to be insignificant. There is no return on the investment to remove them and test everything to make sure absolutely nothing would break without them. Other systems also ship those same users in /etc/passwd and this keeps Debian compatible with other systems.

Bob
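The hardening step described in the message above can be checked with a short audit. This is an added example, not part of the original message: it generalizes the quoted `find / -user bin -ls` to list any entry in a system directory that is not owned by a trusted uid. The function names, the `--system` switch and the directory list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original message).

# nonroot_owned TRUSTED_UID DIR...
#   Print every entry under each DIR whose owner is not TRUSTED_UID.
nonroot_owned() {
    trusted_uid=$1
    shift
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # -xdev keeps find on one filesystem; a numeric -user argument is
        # matched as a uid when no account has that name.
        find "$dir" -xdev ! -user "$trusted_uid" -print 2>/dev/null
    done
}

# audit_dirs TRUSTED_UID DIR...
#   Same listing, but returns 1 when anything is found, for use in checks.
audit_dirs() {
    hits=$(nonroot_owned "$@")
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# Assumed directory list for a real run: sh audit.sh --system
if [ "${1:-}" = "--system" ]; then
    audit_dirs 0 /bin /sbin /usr/bin /usr/sbin
fi
```

An empty result with exit status 0 means every entry in the listed directories is owned by uid 0, the only owner that root-squash covers on an NFS export.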