What do those obscure user accounts mean?

marales314 · 08-15-2007, 07:47 PM

In my linux installation there are a few user accounts that I don't understand, such as "bin", "sync", "sys", "lp", "proxy", and "daemon". Why are they there?

cgjones · 08-15-2007, 08:32 PM

From the Securing Debian Manual

Quote:

daemon: Some unprivileged daemons that need to write to files on disk run as daemon.daemon (e.g., portmap, atd, probably others). Daemons that don't need to own any files can run as nobody.nogroup instead, and more complex or security conscious daemons run as dedicated users. The daemon user is also handy for locally installed daemons.

bin: maintained for historic reasons.

sys: same as with bin. However, /dev/vcs* and /var/spool/cups are owned by group sys.

sync: The shell of user sync is /bin/sync. Thus, if its password is set to something easy to guess (such as ""), anyone can sync the system at the console even if they have don't have an account.

lp: Used by printer daemons.

proxy: Like daemon, this user and group is used by some daemons (specifically, proxy daemons) that don't have dedicated user id's and that need to own files. For example, group proxy is used by pdnsd, and squid runs as user proxy.

Daws · 08-15-2007, 08:33 PM

You are listed as using Debian. If this is still the case then take a look at /usr/share/doc/base-passwd/users-and-groups.html or the txt version. Here are some of the highlights for the users you listed:

Quote:

bin

HELP: No files on my system are owned by user or group bin. What good are
they? Historically they were probably the owners of binaries in /bin? It is
not mentioned in the FHS, Debian Policy, or the changelogs of base-passwd
or base-files.

LSB 1.3 lists bin as legacy, and says: "The 'bin' UID/GID is included for
compatibility with legacy applications. New applications should no longer
use the 'bin' UID/GID."

sync

The shell of user sync is /bin/sync. Thus, if its password is set to
something easy to guess (such as ""), anyone can sync the system at the
console even if they have no account on the system.

sys

HELP: As with bin, except I don't even know what it was good for
historically.

I'm told that /var/spool/cups is owned by group sys, dunno why.

lp

The lp* devices are writable by this group so that users in it can access
the parallel ports directly. Traditionally this job is taken by a printer
daemon instead which will only need to run in this group.

The lpr system keeps its spool directories owned by lp/lp. Its daemon and
frontend tools (through setuid) run as user root.

HELP: what do other print systems (rlpr, lprng, ...) do?

daemon

Some unprivileged daemons that need to be able to write to some files on
disk run as daemon.daemon (portmap, atd, jabberd, lambdamoo, mon, and
others). Daemons that don't need to own any files sometimes run as
nobody.nogroup instead; it is generally better practice to use a dedicated
user, and more complex or security-conscious daemons certainly do this. The
daemon user is also handy for locally installed daemons, probably.

LSB 1.3 lists daemon as legacy, and says: "The 'daemon' UID/GID was used as
an unprivileged UID/GID for daemons to execute under in order to limit
their access to the system. Generally daemons should now run under
individual UID/GIDs in order to further partition daemons from one
another."

proxy

Like daemon, this user and group is used by some daemons (specifically,
proxy daemons) that don't have dedicated user ids and that need to own
files. For example, group proxy is used by pdnsd, and squid runs as user
proxy.

Unfortunately it appears that some of the answers you seek may be buried in time...

marales314 · 08-16-2007, 12:35 AM

Thanks, I looked at both the Securing Debian Manual and the users-and-groups page, and they are both exactly what I was looking for.