Next | Prev | Up | Top | Contents | Index
Special Accounts
Special accounts are used by daemons to perform system functions, such as spooling UUCP jobs and print requests. Because key files are owned by these accounts, someone who has obtained access to one of the accounts, or was able to start a daemon on your system, could partially breach security. Partially, because ownership of the various system files is distributed among the special accounts.
Guard access to all the special accounts as you would the root account. Either assign passwords to these accounts, or lock them using one of the methods described in "Locking Unused Logins".
Following is a list of all the administrative and special accounts on the system and what they are used for:
- root
- This login has no restrictions, and it overrides all other logins, protections, and permissions. It allows you access to the entire operating system. The password for the root login should be very carefully protected.
- sys
- This login has the power of a normal user login over the files it owns, which are in /usr/src. Its login should be disabled.
- bin
- This login has the power of a normal user login over the files it owns, which are throughout the system. Its login should be disabled.
- adm
- This login has the power of a normal user login over the files it owns, which are located in /var/adm. You may su to the adm login. This login should be disabled.
- uucp
- This login owns the object and spooled data files in /usr/lib/uucp and /etc/uucp.
- nuucp
- This login is used by remote workstations to log into the system and initiate file transfers through /usr/lib/uucp/uucico.
- daemon
- This login is the system daemon, which controls background processing. Its login should be disabled.
- lp
- This login owns the object and spooled data files in /var/spool/lp. Its login should be disabled unless the system is a print server.
Next | Prev | Up | Top | Contents | Index