
Thread: Default Linux User Accounts

  1. #1

    Default Linux User Accounts

    Ahead-of-time info: I am running Red Hat 7.1 on a 933 MHz PIII, 256 MB SDRAM, 32 MB ATI Expert 2000, 20 GB HD, kernel 2.4.12, uptime 11 days.

    OK, I know it is a great security risk to have a lot of unused users just sitting there waiting to be cracked. With a somewhat default install of Linux, what users can I delete and what can't I? I know root is a certain no. I connect to the internet, and I hope to run the PC as a proxy server for my future network. Those are really the only two things I currently use or plan to use.


    Thanks,
    Jason
    __________________________
    Caution: in case of rapture, this computer will be unoccupied!

  2. #2
    Senior Member
    Join Date
    Jul 2001
    Posts
    138
    It really depends on what services you are running and what programs need what user IDs. (It's different for each system; somebody correct me if I'm wrong.)

    If you aren't planning on running FTP, you could probably ditch any "FTP User" entries. Ditto for "RPC User", "postgres", "squid", etc...

    If you want to get technical, you could do it by trial and error. First, make a backup of your passwd file. Then try deleting a user you don't think you need. If, after rebooting, you get no errors with normal operations, you can probably say "it's safe to keep that one out." If you get any errors, though, you may need to reinstate the last backup you made. (I would do it with "cp passwd passwd.bak.1" for the first backup, "cp passwd passwd.bak.2" for the second (after deleting one account), etc.)

    I think some critical accounts are:
    root
    operator
    halt
    nobody
    shutdown
    adm
    daemon
    rpm (if you use the RPM user)
    lp (if you need this, as well)

    and of course your regular user account you created at boot time for yourself (so you don't do everyday work as root).

    Hope this helps. If anyone has a better suggestion than "trial and error" please pitch in.

    Happy Hacking
    -----------------------------------------------------
    Warfare is the Way of deception.
    -Sun Tzu, "The Art of War"

  3. #3

    OOps

    I am going to set up an SSH telnet server on it. I only have dial-up, so FTP would be so slow it would be futile.
    I just messed up my Linux by editing the .bash_profile, trying to get my anti-virus (www.sophos.com) to work. So I am reinstalling now; this install is totally to learn, a reinstall is no skin off my nose. I have all the docs on there backed up and I have the kernel burned to a CD.



    Thanks,
    Jason
    __________________________
    Caution: in case of rapture, this computer will be unoccupied!

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    185
    Hi jason-nis,

    First things first: make copies of any system file before you do anything to it. This will prevent many a reinstall.

    example: I want to work on /etc/passwd, so ....

    usage:

    root@mybox: ~ # cp /etc/passwd /etc/dwssap && vi /etc/passwd

    Then I can make my changes knowing that the original is still there and can be restored.

    Take it from a guy who has installed Unix *a lot*, make backups or copies before you do anything.

    Hacking on .bashrc or .bash_profile, for example, and any other file for that matter, is a lot of fun; just be sure you can undo any boo-boos you make with an original or a known good copy.

    As for users in /etc/passwd, gaxprels is correct; just be sure you understand what the user does and what not having one will do before making the change.

    For example, if I do not use UUCP and have no reason to ever need any UUCP-related service, I can safely remove this user from my /etc/passwd file.

    And on a side note, I would look into Sophos a little more before getting carried away with their software. They have been known to make some outrageous claims about viruses on Linux (of which, to date, there has been one, and it was a joke). Anyway, hope this helped and have a Happy New Year!!

    Happy New Year everyone!!!
    Know this..., you may not by thyself in pride claim the Mantle of Wizardry; that way lies only Bogosity without End.

    Rather must you Become, and Become, and Become, until Hackers respect thy Power, and other Wizards hail thee as a Brother or Sister in Wisdom, and you wake up and realize that the Mantle hath lain unknown upon thy Shoulders since you knew not when.


  5. #5
    Junior Member
    Join Date
    Aug 2001
    Posts
    17


    Never connect to the internet as root. Use /usr/sbin/useradd to create an account for this purpose.

  6. #6

    Ok.

    So how do I know what user account does what, if the name isn't obvious? UberC0der, could you tell me what that command you gave me does? I don't just want to do it, I want to have a full understanding of what I am doing. Or else I am not learning.

    And I know: never get online if logged in as root.

    I installed the OpenSSH package on the last reinstall. Does it need any user accounts? I am going to eventually set up the PC as an SSH server.

    Another thing: I have a few texts on securing the Linux PC. But they all include setup of the inetd.conf file. Well, I run a newer kernel, so I have /etc/xinetd.d/ instead of inetd. Does anyone know of a good text on configuring xinetd?
    BTW: I have visited xinetd.org

    Thanks For Everything..
    Jason
    __________________________
    Caution: in case of rapture, this computer will be unoccupied!

  7. #7
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    Basic user accounts to keep: anything with a UID <= 10 (UID = number immediately after the password). Example:

    root:x:0:0:Root account:/:/bin/bash

    Root's UID is 0 and its GID (group ID) is 0.

    Generally, users are automatically added to the users group (GID 20, I think), and are assigned a UID starting from 100 (this is set in a file somewhere that's dependent on whatever distro you're using). If you want to edit the passwd file without worrying about blowing something up while editing it, use 'vipw' as root. That copies the passwd file into the /tmp dir as a file and edits that. Then, when you save, it'll move it into place for you, making a backup of the original.

    If you're not using ftp, and are setting up OpenSSH for a server, take out the ftp users (whichever ones there are) and do the following to disable the services:

    1. cp /etc/services /etc/services.orig && vi /etc/services

    Comment out (put a # at the beginning of) the ftp and telnet services.

    2. cd /etc/xinetd.d

    There are some files in here, one for each service you have, aptly named. Vi these files and, for Enabled (I think that's the line), make sure telnet and wu-ftp are set to "No". When you restart xinetd, it'll reread them and kill the services for ftp and telnet. I'll get more info on this, as I'm not in front of my Linux box right now. Xinetd is fairly new to the Linux scene, whereas before it was /etc/services and /etc/inetd.conf that controlled everything. Don't ask me why they have xinetd now, hehe...

    As for OpenSSH:

    When you configured it as root and installed the package (make install), it should've put some things in /usr/local/bin and /usr/local/sbin. I'm not sure if OpenSSH installs the sshd binary so that it runs at startup (will find out). Either way, when you install it, you'll want to run ssh-keygen to generate the public/private keys for each account that you want, and after that you'll be able to run sshd and ssh in. sshd only needs to run if you plan on ssh'ing from the outside or scp'ing files to/from the box. scp is the secure ftp. OpenSSH also runs on port 22, if you didn't know.

    Hope this helps out.
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.
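
The xinetd part of the post above, as an added example (my own script, not code from the thread or from Red Hat): in a per-service file under /etc/xinetd.d the switch is the attribute "disable = yes|no", a file with no "disable" line at all leaves the service on, and the change only takes effect once xinetd re-reads the directory ("service xinetd reload"; on Red Hat "chkconfig telnet off" writes the same "disable = yes" line for you). The two service files are constructed copies in a temp directory so the script runs without root; the state check and the rewrite are mine.

```shell
#!/bin/sh
# Added example, not code from the thread. Checks and disables services in
# an xinetd.d-style directory. Constructed copies are used in a temp dir so
# this runs unprivileged; on the real box point XINETD_DIR at /etc/xinetd.d.
XINETD_DIR=$(mktemp -d)

# Constructed sample 1: telnet, explicitly enabled (disable = no).
cat > "$XINETD_DIR/telnet" <<'EOF'
# default: on
# description: The telnet server serves telnet sessions; it uses \
#       unencrypted username/password pairs for authentication.
service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        disable         = no
}
EOF

# Constructed sample 2: wu-ftpd with no "disable" line at all. That is the
# case to watch for: an absent attribute means the service is ON (unless
# the defaults block of xinetd.conf lists it under "disabled =", which this
# checker does not read).
cat > "$XINETD_DIR/wu-ftpd" <<'EOF'
service ftp
{
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.ftpd
        server_args     = -l -a
}
EOF

# xinetd_state FILE -> prints "enabled" or "disabled".
# Attributes are written "name = value" as in the stock Red Hat files;
# comment lines are ignored.
xinetd_state() {
    awk '
        /^[[:space:]]*#/ { next }
        $1 == "disable" && $2 == "=" { val = tolower($3) }
        END { state = (val == "yes") ? "disabled" : "enabled"; print state }
    ' "$1"
}

# xinetd_disable FILE -> keeps FILE.orig and rewrites FILE with
# "disable = yes", replacing an existing line or adding one before the
# closing brace when the file had none.
xinetd_disable() {
    cp "$1" "$1.orig"
    awk '
        /^[[:space:]]*#/ { print; next }
        $1 == "disable" && $2 == "=" { print "        disable         = yes"; seen = 1; next }
        /^}/ && !seen { print "        disable         = yes"; seen = 1 }
        { print }
    ' "$1.orig" > "$1"
}

# Report every service, then switch off the plaintext-login one.
for f in "$XINETD_DIR"/*; do
    printf '%-8s %s\n' "$(basename "$f")" "$(xinetd_state "$f")"
done
xinetd_disable "$XINETD_DIR/telnet"
printf '%-8s %s (after)\n' telnet "$(xinetd_state "$XINETD_DIR/telnet")"
# Real box: xinetd_disable /etc/xinetd.d/telnet && service xinetd reload
```

The report step is the useful part: run it over the real directory once after install and you know which plaintext services are live without guessing at line names. Commenting ports out of /etc/services, as the post suggests, is not needed for this and only hides port names from tools like netstat.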

  8. #8

    Hmm.

    There is nothing in my /etc/xinetd.d/ directory. It is empty; from what I understand, you have to make a file for each service or else it's default or something.
    I didn't do a make install; I screwed over my Linux box last night, so I did a reinstall. I selected the OpenSSH server. When I nmap localhost, ssh is showing, so I am guessing it is set up. I have not configured it yet; I have a doc on how to, though.

    Would it be safer to disable any users not being used rather than deleting them?
    Vorlin, to be honest I don't understand the UID/GID; could you elaborate?

    Thanks
    Jason
    __________________________
    Caution: in case of rapture, this computer will be unoccupied!
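
Two questions in the thread, post 1's "what users can I delete?" and post 8's "disable rather than delete?", come down to the same check, so here is one added example (my own script, not code from the thread) for both. What makes an account a risk is whether it can be logged into: a usable hash in /etc/shadow and a real shell in /etc/passwd. "*" and "!!" are not valid hashes, a hash prefixed with "!" is what "usermod -L" (or "passwd -l") produces, and /sbin/nologin ends the session before a shell starts. Locking with "usermod -L -s /sbin/nologin NAME" keeps the UID reserved, so files it owns keep their owner and a later useradd cannot hand the number out again, which is why locking is the safer default for a system account; it does not stop cron or root's su from running as that UID, which is exactly what daemon accounts like squid need. The passwd and shadow files here are constructed copies in a temp directory with placeholder hashes, so it runs unprivileged.

```shell
#!/bin/sh
# Added example, not code from the thread. Lists the accounts that can be
# logged into with a password, then locks one instead of deleting it.
# Constructed passwd/shadow copies live in a temp dir (hashes are
# placeholders) so this runs unprivileged; on the real box use /etc.
ETC=$(mktemp -d)

cat > "$ETC/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash
squid:x:23:23::/var/spool/squid:/dev/null
jason:x:500:500:Jason:/home/jason:/bin/bash
oldtest:x:501:501:leftover test account:/home/oldtest:/bin/bash
EOF

# "*" and "!!" are not valid hashes, so those accounts have no password at
# all; a hash prefixed with "!" is what usermod -L / passwd -l produce.
cat > "$ETC/shadow" <<'EOF'
root:$1$c0nstrct$PLACEHOLDERHASHxxxxxx:11688:0:99999:7:::
bin:*:11688:0:99999:7:::
daemon:*:11688:0:99999:7:::
ftp:*:11688:0:99999:7:::
postgres:!!:11688:0:99999:7:::
squid:!!:11688:0:99999:7:::
jason:$1$c0nstrct$PLACEHOLDERHASHyyyyyy:11688:0:99999:7:::
oldtest:$1$c0nstrct$PLACEHOLDERHASHzzzzzz:11688:0:99999:7:::
EOF

# login_capable PASSWD SHADOW -> "name uid=N shell=S" for each account whose
# password is usable AND whose shell is a real one. Everything else cannot
# be logged into with a password, whatever its name suggests. An "x" in
# passwd defers to shadow; a name missing from shadow counts as unusable.
login_capable() {
    awk -F: '
        NR == FNR { hash[$1] = $2; next }             # first file: shadow
        {
            h = ($2 == "x") ? hash[$1] : $2
            s = $7
            usable = (h != "" && h != "*" && substr(h, 1, 1) != "!")
            real = (s != "" && s != "/sbin/nologin" && s != "/bin/false" && s != "/dev/null")
            if (usable && real) printf "%s uid=%s shell=%s\n", $1, $3, s
        }
    ' "$2" "$1"
}

# lock_account NAME PASSWD SHADOW -> the file edits behind
# "usermod -L -s /sbin/nologin NAME": "!" in front of the hash and a
# non-shell. Originals are kept as .orig; the UID stays reserved so files
# owned by it keep their owner and useradd cannot hand the number out again.
lock_account() {
    name=$1; pwf=$2; shf=$3
    cp "$pwf" "$pwf.orig"; cp "$shf" "$shf.orig"
    awk -F: -v OFS=: -v u="$name" '
        $1 == u { $7 = "/sbin/nologin" } { print }' "$pwf.orig" > "$pwf"
    awk -F: -v OFS=: -v u="$name" '
        $1 == u && substr($2, 1, 1) != "!" { $2 = "!" $2 } { print }' "$shf.orig" > "$shf"
}

echo "can log in now:";        login_capable "$ETC/passwd" "$ETC/shadow"
lock_account oldtest "$ETC/passwd" "$ETC/shadow"
echo "after locking oldtest:"; login_capable "$ETC/passwd" "$ETC/shadow"
```

On the sample, ftp, postgres and squid never show up: they exist, but nothing can log in as them, so deleting them buys no security and risks orphaning the files their packages own. The leftover "oldtest" account is the kind that does show up, and after locking it only root and the day-to-day user remain.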

  9. #9
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    Sure thing, although let me pass on some information about some other things you're having issues with.

    To see if SSH is working as a server, just try to 'telnet localhost 22'. If that connects (hit control-] to break), then it's working correctly. If not, let us know and we'll be glad to help.

    Another way to check services is to run 'linuxconf' and in the 'Services' section (I think that's the case...I don't use the gui interfaces too much), you'll see the different run levels, whether it's manual or automatic, etc etc...make sure ssh is set for run level 3 (multiuser) and automatic. You can also select whether a service is disabled or not.

    As for UID/GID, here goes:

    A user ID is a unique number that is assigned by the system when a user account is created. System accounts by all accounts have a UID of 20 or less. The closer to 0 a UID is, the more 'permission' it has to do things. 0 is the UID for root, which is pretty much "god" on the system. Nothing is held back for an account that has a UID of 0. Note: while you can do anything, the system won't prevent you from screwing something up. It assumes you know what you're doing. It's a very wise idea to never give a UID to a user that's already taken, because everything is checked by the user's ID. Example:

    Foo has a UID of 100.
    Bar is created and is given a command-line UID of 100 (useradd -m -c "Bar user" -u 100 bar). useradd complains but complies because root is God.

    Now, Foo and Bar don't like each other, so now, because they have the same UID, they can go into each other's directories and fux0r up files, delete shite, etc etc, because both "own" whatever files they create. Bad juju, as you can see.

    GID is similar, although it's not as restricting. Group IDs give each group an ID, and permissions are checked similarly, but any number of users could be in each group. In Red Hat and other distros, a group is created with the name of the user when they're added to a system. Example: useradd -m -c "Foo user" foo will create a user foo and also create the group 'foo', so that every file or directory created by foo is owned by foo and group-owned by foo. This is higher security than creating users and stuffing them into a group called 'user' by default.

    As for anything else, let us know and we'll be glad to help.
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.
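
The duplicate-UID case in the post above, as an added example in my own shell (not code from the thread): the checks worth running over /etc/passwd right after a hand edit, while the root shell is still open. Real useradd refuses a duplicate UID unless it is given -o, so a duplicate almost always means a hand edit or a restored backup; the other findings (a second UID 0, an empty password field, a line with the wrong number of fields) are the ones that turn a bad edit into a login for anyone. The sample file is constructed and its account names are placeholders.

```shell
#!/bin/sh
# Added example, not code from the thread. Sanity checks for a hand-edited
# passwd file: field count, numeric UID, empty password field, a second
# UID 0, duplicate UIDs and duplicate names. Run it before you leave the
# root shell. The sample file is constructed.
PASSWD=$(mktemp)
cat > "$PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
foo:x:100:100:Foo user:/home/foo:/bin/bash
bar:x:100:100:Bar user:/home/bar:/bin/bash
toor::0:0:second root:/root:/bin/bash
broken:x:101:101:missing field:/home/broken
EOF

# check_passwd FILE -> one finding per line; exit status 1 if any, 0 if clean.
check_passwd() {
    awk -F: '
        NF != 7 { printf "line %d: %s: expected 7 fields, got %d\n", NR, $1, NF; bad++; next }
        $3 !~ /^[0-9]+$/ { printf "line %d: %s: uid \"%s\" is not a number\n", NR, $1, $3; bad++; next }
        $2 == "" { printf "line %d: %s: empty password field, logs in with no password\n", NR, $1; bad++ }
        $3 == "0" && $1 != "root" { printf "line %d: %s: uid 0 but not root\n", NR, $1; bad++ }
        $3 in uid { printf "line %d: %s: duplicate uid %s (also %s)\n", NR, $1, $3, uid[$3]; bad++ }
        $1 in name { printf "line %d: %s: duplicate name (also line %d)\n", NR, $1, name[$1]; bad++ }
        { uid[$3] = $1; name[$1] = NR }
        END { exit (bad > 0) }
    ' "$1"
}

if check_passwd "$PASSWD"; then
    echo "passwd is clean"
else
    echo "fix the lines above before logging out as root"
fi
```

On the sample it reports bar sharing UID 100 with foo, toor having both an empty password and UID 0, and the broken line with six fields; a clean file prints nothing and exits 0, so the function drops straight into a "vipw, then check" habit.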

  10. #10

    services

    OK, time for my 2 cents; hope I'm not off topic here, but you had mentioned trying to find info on the services.

    Since you are running RH 7.1 you don't have to bother with /etc/services to disable stuff (of course, if you do, then it's truly gone, since your system will no longer understand the protocol if it's removed from /etc/services (right?); also, /etc/services is a cool place to find out what port and protocol everything on your system uses). You should have init scripts for all your services in /etc/rc.d/init.d. You can use these to start or stop services, or set whether they start on boot. Usage for stopping/starting on the fly is:
    /etc/rc.d/init.d/<*> start|stop|restart (<*> being the name of the script file).

    For setting services' boot status, use the chkconfig command. Look at the current status of services with:
    chkconfig --list
    It will show each service and its status during each runlevel; if it's set to yes in a runlevel, then it will automatically start when booting into that runlevel. To change the status, use:
    chkconfig --level <level #'s> <service name> on|off|reset
    Level #'s are 0-6; only the #'s you give when issuing the above command will be affected.
    Runlevel 3 is the standard multiuser level; runlevel 5 is the same except the X server automatically boots up (I highly recommend you always use runlevel 3, as having problems with X when in runlevel 5 is a real pain).

    Or, if you are lazy like most of us, there is a nifty ncurses menu that you can use to set the status of services; the command is:
    setup
    Go to the services menu and set which services run on boot. Simple.

    BTW, everything mentioned here is run in a console; if you can't find the command specified (i.e. trying to run it from a console in X and it not being in your path), you can always find the full path of the binary with:

    whereis <command>
    EX:
    whereis chkconfig
    chkconfig: /sbin/chkconfig
