
Re: Orphaned User Accounts?



On Wed, Nov 3, 2010 at 4:18 AM, Camaleón <noelamac@gmail.com> wrote:
> 12.1.12.1 Are all system users necessary?
> http://www.debian.org/doc/manuals/securing-debian-howto/ch12.en.html#s-faq-os-users

I guess I'm still puzzled. That link is a great explanation to what
each user does and it's fairly common sense that not every daemon
should and will run as the 'root' user. My question or issue with
Debian is if I do a fresh 'minimal' installation using the 'netinst'
or 'business card' ISO, that gives me basically a bare minimal
installation. There is no need to explain what every user is used for
because in my opinion, it's fairly obvious that 'www-data' is used for
a web server. My question is why do these users get pre-loaded when
there is nothing on my minimal system that would ever require the need
for them? I understand if I install Apache, then there would be a new
user added based on that dependency as would I expect to see a MySQL
user or Postfix user if I did eventually decide to load the
respective software on my server. The question or confusion is that I
didn't load any of the software those users depend on so why do
developers just add them to a base install? I disagree and in fact can
prove that the users are 'orphaned' simply because if you decide to
delete / remove the user 'www-data' using the 'userdel -r' switch, it
deletes the user but returns an error that '/var/www' can't be
deleted because it doesn't exist. Of course it doesn't exist...I never
installed Apache so why would there be a '/var/www' directory or for
that matter a 'www-data' user in '/etc/passwd'? That in my eyes means
those accounts are useless and orphaned since their assigned home
directories don't even exist.

Can anyone please clarify?
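
The check described in the message above (system accounts in '/etc/passwd' whose home directory does not exist), written as an added example that is not part of the original post. The function names, the constructed sample passwd lines and the "UID below 1000 means system account" cut-off (Debian's default split) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names are hypothetical.
# Assumption: UIDs below 1000 are system accounts (Debian's default split).

# audit_missing_homes PASSWD_FILE [ROOT_PREFIX]
# Prints one line per system account whose home directory does not exist.
# ROOT_PREFIX lets the check run against a mounted image or a test tree.
audit_missing_homes() {
    passwd_file=$1
    root=${2:-}
    while IFS=: read -r name _pw uid _gid _gecos home shell; do
        # Skip malformed lines and comments: the UID must be numeric.
        case $uid in ''|*[!0-9]*) continue ;; esac
        [ "$uid" -lt 1000 ] || continue
        [ -d "$root$home" ] && continue
        # An account that can get a shell deserves a closer look than one
        # locked to nologin/false.
        case $shell in
            */nologin|*/false) login=no ;;
            *) login=yes ;;
        esac
        printf '%s uid=%s home=%s login_shell=%s\n' "$name" "$uid" "$home" "$login"
    done < "$passwd_file"
    return 0
}

# Constructed sample: a fake root where only /root and /usr/sbin exist.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/root" "$tmp/usr/sbin"
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
    audit_missing_homes "$tmp/passwd" "$tmp"
    rm -rf "$tmp"
}

demo
# On a live system: audit_missing_homes /etc/passwd
```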

