Andrew Schulman wrote: > backup bin daemon games irc list lp mail man messagebus operator > proxy sync sys uucp backup: historical, probably safe to remove bin: historical, and possibly used daemon: historical, commonly used by daemons that need to own files, but can't have their own user for some reason games: placeholder for group games, don't remove it irc: used for irc daemon(s), probably not necessary list: I don't know lp: used for printing daemon(s) and as a placeholder for group lp, don't remove unless you don't have a printer and have no printing software installed mail: placeholder for group mail, sometimes used by mail daemon(s), don't remove man: placeholder for group man, don't remove unless you don't use the man command messagebus: I don't know operator: historical, probably safe to remove proxy: almost definately safe to remove unless you run any proxy server(s) that use it sync: I don't know sys: I don't know uucp: if you've never heard of it, you probably don't need it > adm audio backup bin daemon dialout dip disk fax floppy games irc kmem > list logcheck lp lpadmin mail man messagebus nogroup ntop operator proxy > sasl scanner shadow src ssh staff sudo sword sys tape tty utmp uucp > video voice adm: used for logs, do not remove audio: used for sound devices, only remove if you have no sound devices and don't plan on ever having any backup: see above bin: see above daemon: see above dialout: used by suid ppp programs and possible ppp devices, if you are sure you'll never use a modem (including dsl and some other high speed ones) it may be safe to remove dip: I don't know disk: DO NOT REMOVE, it's used for hard drives fax: self explanitory, can probably be safely removed if you don't use it floppy: don't remove unless you will never have a floppy drive games: used to control which users can play games, including things like fortune and sl. probably shouldn't be removed irc: see above kmem: I don't know, but k* (in system stuff) usually has to do with the kernel, so it probably shouldn't be removed list: see above logcheck: I don't know lp: controls who can use a printer, only remove if you don't and never will print lpadmin: controls who can add/change/remove printers, see above for removal conditions mail: used for mail boxes in shared directories and for controlling various mail related ACLs man: see above messagebus: see above nogroup: DO NOT REMOVE, it's used for minimal access rights ntop: I don't know operator: see above, also commonly used by sudo to grant rights proxy: see above sasl: commonly used for smtp and/or pop/imap authentication, can be removed if not in use and the sasl programs aren't installed scanner: simillar to lp, but for scanners shadow: DO NOT REMOVE, used to conrol read access to /etc/shadow and /var/backup/shadow* src: used to control write access to /usr/src, don't remove ssh: I don't know exactly what it's for, but obviously is related to ssh and/or sshd staff: historical, used in /home, don't remove without cleaning up /home first sudo: I don't know, but related to sudo sword: I don't know sys: see above tape: used for tape devices, don't remove if you have/will have one tty: DO NOT REMOVE, used for virtual consoles, serial, ports, etc. utmp: DO NOT REMOVE, used for logs uucp: see above video: like audio, but for video devices voice: I don't know > As a general security measure, I want to prune the useless entries from > these files (and /etc/shadow too, of course). The problem is to be sure > that before I remove an entry, it's not going to make bad things happen. That doesn't affect security very much (if at all), and if done incorrectly can make your system unusable. -- -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GAT/CM$/CS>$/CC/IT$/M/S/O/U dpu s+:++ !a C++$>C+++$ UB+++>++++$L++++$*-- P+>++$ L+++(++++)$ E-(---) W+++>$ N(+) o? K- w--(---) O? M V? PS++@ PE-@ Y+@ PGP++(+++)>$ t? 5? X? R tv--(-) b++(+++)@ DI? D? G e->++++ h* r? z* ------END GEEK CODE BLOCK------ David Mandelberg mandelbergd@eth0.is-a-geek.org
Attachment:
signature.asc
Description: OpenPGP digital signature