Questions about system vs. user accounts...

From: Mike Klein (mikeklein_at_sbcglobal.net)
Date: 10/15/03

  • Next message: Edward Dekkers: "Re: Need help with rpm package install hanging" 
    To: redhat-list@redhat.com
Date: Tue, 14 Oct 2003 19:45:30 -0700

    I've been locking down different parts of my server, specifically
    w/respect to certain services and the user they run under.

    I realize that it's best to run as a special user (i.e. nobody or
    account based on service name).

    I've noticed that system accounts (based upon login.defs) are generally
    a uid < 100, don't have passwords that expire, often have a home
    directory mapping to software install/data directory, and often don't
    have login capability.

    I guess the whole point of system accounts (i.e. id < 100) is that they
    have these special properties right? Or is there something else.

    Apache for example (you can't su nobody as it has no shell) starts a
    single process as root and then spawns all subsequent processes as a
    specific user (generally nobody).

    I am trying to create specific accounts for jabber and some other
    services. The problem I'm having is that I'll create a jabber account
    with home directory being software install directory, give it a
    shell...but when I su to this account from a root-run init.d script it
    complains about no .bashrc. This is kind of understandable as I AM
    running a bash shell.

    However...when I check the mysql user account that the RH9 rpms create,
    it has a bash shell and home directory of /var/lib/mysql...yet when I
    look in it's home directory there's no .bashrc. I can 'su mysql' and I
    don't get the .bashrc complaint...why is this? I have fully checked the
    /etc/passwd and other related files for differences in the mysql user
    account but I can't find anything.

    Thanks in advance...

    mike 

    -- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
  • Next message: Edward Dekkers: "Re: Need help with rpm package install hanging"

    Relevant Pages

    • Re: SAMBA and XP
      ... I use Samba to access shares from network 'nix boxes from ... In Windows, when you're a member of a Domain, you sent your authentication ... the home directory and drive mapping, ... and give it the same name and password as the account they ...
      (RedHat)
    • Re: Leopard: Advanced Options in Accounts not ready for prime time?
      ... When I created a regular user account I went back in to Advanced Options and changed the home directory for that user from /Users/ethant to /Volumes/Home/ethant. ... I'd expect that to create my basic account user in /Volumes/Home/ethant upon first login. ...
      (comp.sys.mac.system)
    • Re: Copying over a user account #2
      ... >>> The user now has permissions for all its own files, ... The desktop layout is in the home directory, at least on 10.4, so I do not ... never tried more than one account under 10.3, ... > difference -- I dragged the home directory over from the iBook to the G4 ...
      (comp.sys.mac.system)
    • Re: Leopard: Advanced Options in Accounts not ready for prime time?
      ... When I created a regular user ... account I went back in to Advanced Options and changed the home ... expect that to create my basic account (default directories, Pictures, ... the home directory was already created at the default path ...
      (comp.sys.mac.system)
    • SUMMARY: sendmail .forward problem....
      ... > I can create an account whose home directory is in the standard filesystem ...
      (SunManagers)