I'm seting up a web server and trying to reduce the number of users to increase security. Below is the default /etc/passwd file from Debian. I used "find / -user xxxx" to search for files owned by each. The leading # symbol represents the users who do not own files.

Is it a good idea to delete (all, some, none) of these users? Which ones should I not delete?

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/false
#bin:x:2:2:bin:/bin:/bin/false
#sys:x:3:3:sys:/dev:/bin/false
#sync:x:4:100:sync:/bin:/bin/sync
#games:x:5:100:games:/usr/games:/bin/false
man:x:6:100:man:/var/cache/man:/bin/false
#lp:x:7:7:lp:/var/spool/lpd:/bin/false
mail:x:8:8:mail:/var/mail:/bin/false
news:x:9:9:news:/var/spool/news:/bin/false
#uucp:x:10:10:uucp:/var/spool/uucp:/bin/false
#proxy:x:13:13roxy:/bin:/bin/false
#postgres:x:31:32ostgres:/var/lib/postgres:/bin/false
#www-data:x:33:33:www-data:/var/www:/bin/false
#backup:x:34:34:backup:/var/backups:/bin/false
#operator:x:37:37:Operator:/var:/bin/false
li#st:x:38:38:SmartList:/var/list:/bin/false
#irc:x:39:39:ircd:/var:/bin/false
#gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/fasle
nobody:x:65534:65534:nobody:/home:/bin/false
jdoe:x:1000:1000:John Doe,,,:/home/jdoe:/bin/bash

Hey man.

Keep all those users if they are default. they are needed for diferent sorts of system functions, and not associated necessarily with security.

as far as I can see, jdoe is the only big threat!

Sath