Hi,
I have to remove unnecessary users from /etc/passwd file. I have done with almost all, checking for whether any of my application or system will have any troubles after removing any of them.

I am left with the following users. I need to find out what function does these accounts accomplish & whether their deletion will cause any problems.

man:*:16:20:man:/var/cache/man:/bin/false
proxy:*:19:21roxy:/bin:/bin/false
telnetd:*:20:22roxy:/bin:/bin/false
backup:*:34:34:backup:/var/backups:/bin/false


Thanks in advance.

Digvijay

As a general rule do not remove users whose UID is less than 1000. These are system or privledged accounts.

@fpmurphy: Generally that is good advice, although UID 1000 is a bit high. Some distro's start at 500 with their user accounts (mine does....).

Yes I know all about that.

Linux has a list of system users which have specific purpose to solve. I am keeping all of them in the /etc/passwd file.

They are made in order to distribute priviledges.

For Example:-

bin

The bin user account typically owns the executable files for most user commands. This account's primary purpose is to help distribute the ownership of important system directories and files so that everything is not owned solely by the root and sys user accounts.

daemon

The daemon user account exists only to own and run system server processes and their associated files. This account guarantees that such processes run with the appropriate file access permissions.

nobody

The nobody user account is used by the Network File System (NFS) to enable remote printing. This account exists so that a program can permit temporary root access to root users. For example, before enabling Secure RPC or Secure NFS, check the /etc/public key on the master NIS server to find a user who has not been assigned a public key and a secret key. As root user, you can create an entry in the database for each unassigned user by entering:
newkey -u username
Or, you can create an entry in the database for the nobody user account, and then any user can run the chkey program to create their own entries in the database without logging in as root.


I was unable to find purpose of (man, proxy, telnetd, backup).


Thanks for your efforts, it will be nice if any1 posts necessity of the users I mentioned.

Regards
Digvijay

Well, take a safe copy, remove them and you'll find out if they cause any issues

you can use find to find files belonging to these users
if there aren't any files belonging to them, you can safely delete them

Thanks ghostdog74,

Can there be a scenario that any of these user account is used by any program to perform some activity. Like the ftp user account is needed to perform anonymous ftp.

Some special priviledges these account might be providing to system or

Just making sure that not any files belong to them I can safely delete these account ?

Regards
Digvijay

If you don't find any files owned by them and you don't find any processes owned by them running (verify via ps), then how can they be providing any services?

Why??

What problem are you trying to solve?

its pretty standard thing to do in the security/audit world that if there are dormant or expired or unnecessary users defined in a system, they are to be removed, or disabled. (The best approach is to remove them of course but its up to the policies defined)

ghostdog74 Thanks for your support.

Friends thanks a lot for all your efforts. I was able to find all necessary information.

Yes there was a security/audit thing required by our org. So I have to remove all unnecessary accounts but I have to make sure removal of any shouldnt cause any problem in normal functionality of the system.

Thanks again all of you. No further queries from my side.

Regards
Digvijay

For the benefit of those that find the thread later, could you explain what methods you used to identify the accounts as removable?