I have this AIX 5.3 machine kinda just thrown at me and they want me to clean up system. The first thing I wanted to do was rmuser all the users that aren't needed by the system. I tried to find (google) a list of "System Users" and really couldn't find what I was looking for. Ne1 have any ideas where else I might look?

By "System Users" I mean root,daemon,bin,sys,adm....

I work at a company that gets audited all the time. The ones we're most commonly asked to remove are guest, lpd, uucp, nuucp (if it's there) and imnadmin. Here's a list of accounts I put together about a year ago; most of it is relevant, I think:

daemon - The daemon user account exists only to own and run system server processes and their associated files. This account guarantees that such processes run with the appropriate file access permissions.

bin - The bin user account typically owns the executable files for most user commands. This account's primary purpose is to help distribute the ownership of important system directories and files so that everything is not owned solely by the root and sys user accounts.

sys - The sys user owns the default mounting point for the Distributed File Service (DFS) cache, which must exist before you can install or configure DFS on a client.

adm - The adm user account owns the following basic system functions:
* Diagnostics, the tools for which are stored in the /usr/sbin/perf/diag_tool directory.
* Accounting, the tools for which are stored in the following directories:
o /usr/sbin/acct
o /usr/lib/acct
o /var/adm
o /var/adm/acct/fiscal
o /var/adm/acct/nite
o /var/adm/acct/sum

uucp - Owner of hidden files used by uucp protocol. The uucp user account is used for the UNIX-to-UNIX Copy Program, which is a group of commands, programs, and files, present on most AIX systems, that allows the user to communicate with another AIX system over a dedicated line or a telephone line.

guest - Allows access to users who do not have access to accounts.

nobody - The nobody user account is used by the Network File System (NFS) to enable remote printing. This account exists so that a program can permit temporary root access to root users

lpd - Owner of files used by printing subsystem. This account has been disabled.

imnadm - IMN search engine used for Documentation Library Search.

lp - Possibly something to do with printing.

invscout - Surveys the host system for currently installed microcode or Vital Product Data (VPD).

snapp - The account that manages Snapp, an extensible, XML-based application that provides a menu-driven interface for UNIX system administration tasks on a handheld PDA.

sshd - The user account for managing the sshd service.

AWESOME! Thanks!

Since TL05 in AIX 5.3 there is a program called aixpert - or AIX Expert. It is meant to be a standard method to harden AIX. There are four 'press a button levels': 'None' (or factory), 'Low', 'Medium', and 'High'.

There is also a 'Custom' setting where the admin makes choices. Can be used from command-line, smit and websm.

Was expanded greatly (e.g. LDAP support for policy distribution) in AIX 6.