
pruning cruft in /etc/passwd and /etc/group



Over years of testing software, my /etc/passwd and /etc/group files are 
littered with leftover junk.  Here are some entries in /etc/passwd which 
don't correspond to any actual or useful virtual users that I'm aware 
of:

backup bin daemon games irc list lp mail man messagebus operator 
proxy sync sys uucp

Some of these are traditional, e.g. bin and mail.  But do I really need, 
for example, all of bin, daemon, operator, and sys?  That sounds like 
four of the same thing to me.  Does man really need its own user?

Here's a list of questionable entries in /etc/group:

adm audio backup bin daemon dialout dip disk fax floppy games irc kmem 
list logcheck lp lpadmin mail man messagebus nogroup ntop operator proxy 
sasl scanner shadow src ssh staff sudo sword sys tape tty utmp uucp 
video voice

As a general security measure, I want to prune the useless entries from 
these files (and /etc/shadow too, of course).  The problem is to be sure 
that before I remove an entry, it's not going to make bad things happen.

I already know to run e.g. 

find / -user operator
ps -U operator
grep -r operator /etc

the last of these in case some config file (e.g. cron job) tells some 
process to change to user operator.  Is there anything else I can do to 
find out about these phantom users, before I whack them?

Is there any Debian policy on this, or a Debian way (or general Unix 
way, short of just removing the users) of handling this problem?  Some 
systematic approach or guidelines that someone has worked out?

How can I find out which packages (when it's not obvious) create or 
require a certain user?  If they do, there's no good in me removing the 
user unless I remove the package too.

Thanks,
Andrew.
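
An added example, not part of the original post: a read-only shell sketch of the `find` and `grep` checks from the message. It matches files by numeric UID and matches names as whole words, so a search for `man` does not fire on every "manual". The function names and the PASSWD_FILE, SCAN_ROOT and CONF_DIR parameters are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: read-only pre-removal audit of one account.
# PASSWD_FILE, SCAN_ROOT and CONF_DIR are parameters of this sketch so it can
# run against a copy; on a live system they would be /etc/passwd, / and /etc.

# uid_of NAME PASSWD_FILE: print the numeric UID; non-zero exit if absent.
uid_of() {
    awk -F: -v n="$1" '$1 == n { print $3; found = 1; exit }
                       END { exit !found }' "$2"
}

# owned_files UID SCAN_ROOT: count files owned by UID. Matching on the number
# also finds files whose owner name is already gone from passwd.
owned_files() {
    find "$2" -xdev -user "$1" 2>/dev/null | wc -l | tr -d ' '
}

# conf_refs NAME CONF_DIR: count files that mention NAME as a whole word.
# -w stops "man" matching "manual"; -F treats NAME literally. The account
# databases themselves (and their "-" backups) are excluded from the count.
conf_refs() {
    grep -rlwF -- "$1" "$2" 2>/dev/null |
        awk '!/\/(passwd|group|shadow|gshadow)-?$/ { n++ } END { print n + 0 }'
}

# audit NAME PASSWD_FILE SCAN_ROOT CONF_DIR: print one report line.
audit() {
    uid=$(uid_of "$1" "$2") || { echo "$1 absent"; return 0; }
    files=$(owned_files "$uid" "$3")
    refs=$(conf_refs "$1" "$4")
    if [ "$files" -eq 0 ] && [ "$refs" -eq 0 ]; then
        verdict=candidate
    else
        verdict=in-use
    fi
    echo "$1 uid=$uid files=$files refs=$refs $verdict"
}
```

Running processes are a property of the live system, so the `ps -U` check from the message still has to be run separately. A "candidate" verdict only means these two checks found nothing.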


