
Rookie needs some help - Linux / Unix Administration


  1. #1

    Rookie needs some help

    Hey All,

    I'm just starting my career in information security and have already
    found that I have quite a few questions concerning UNIX security and
    account setup.

    Here is my first question(s):

    1. There are several accounts that seem to be default on all UNIX
    systems or on certain UNIX platforms (i.e. SUN, AIX, HP, etc). What I'm
    trying to do is figure out what the following accounts are used for:
    listen
    nobody
    nobody4
    noaccess

    I've done some surfing and found vague answers, but I'm looking for a
    little more detail. So far, all I've learned is that these are no login
    IDs, but in my line of work we are still required to maintain
    registration on all of these and have to come up with a detailed
    business justification for these.

    Can anyone give me an explanation or point me to a link that would
    provide detailed info for these IDs?

    Thanks,
    TD

    odgreen1 Guest

  2. #2

    Re: Rookie needs some help

    On 6 Mar 2006 11:13:00 -0800, odgreen1 <com> wrote: 

    Welcome!
     

    Dunno.
     

    These two are what root's ID will be mapped to from a remote system.
    Say you're mounting a share from a remote system. You're root on the
    client, the files are owned by root on the server. But, you don't get
    them, because from the server's perspective, you're "nobody" (or
    "nobody4"), not root.

    Goal there is to prevent Joe User from putting a unix box of some sort
    on your network, being root on there, and accessing files owned by root
    on an nfs server elsewhere.
     

    Dunno.

    Dave Hinz

    Dave Guest

  3. #3

    Re: Rookie needs some help

    Dave Hinz wrote: 
    >
    > Welcome!

    >
    > Dunno.

    In general, nologin accounts exist so programs can run with their
    UID not root, and/or to have someone identifiable own files. In the
    case of "listen", it's a System V service having to do with
    listening for print queue requests. I figure it is different from "lp"
    because the System V print spooler is different from the BSD
    print spooler.
     
    >
    > These two are what root's ID will be mapped to from a remote system.
    > Say you're mounting a share from a remote system. You're root on the
    > client, the files are owned by root on the server. But, you don't get
    > them, because from the server's perspective, you're "nobody" (or
    > "nobody4"), not root.
    >
    > Goal there is to prevent Joe User from putting a unix box of some sort
    > on your network, being root on there, and accessing files owned by root
    > on an nfs server elsewhere.

    >
    > Dunno.

    Overlap with nobody. I get the impression it's another of those
    overlaps between old SysV and old BSD being gratuitously different.

    Doug Guest

  4. #4

    Re: Rookie needs some help

    (Followup-to: comp.security.unix)
    odgreen1 wrote: 

    These typically exist to be used as IDs having little, "no", or quite
    limited privileges. E.g. when one wants an ID that should own
    precisely nothing on any of the file systems on a system, one might
    have an ID specifically for that purpose, so that daemons, or other
    processes that shouldn't own anything and should have no unusual
    privileges regarding file access, they can run with the appropriate
    suitable ID. There may also be a significant number of such IDs.
    Most notably to isolate them from each other - e.g. so that if a
    process under one ID is corrupted/compromised, it can't directly
    impact the other IDs (e.g. can't signal those processes, access
    their memory, or other resources via proc file system or other means,
    etc.), and it's more likely any problem can be tracked back to the
    responsible service/process/program via the ID. This is also a
    reason why many network services will each have their own IDs. IDs
    are also sometimes used to have some type of privilege, but less than
    superuser (root). Again, there may be many such IDs, for purposes of
    isolating them from each other. Removing IDs doesn't necessarily
    enhance security, and possibly can cause problems, break things, or
    weaken security. If an ID is properly locked down and secured, it
    should not pose additional security risks. Ye olde C2 security
    requirements actually require that IDs not be removed, but that
    instead they be permanently "retired"/deactivated (most notably this
    leaves a better audit trail, as the UID <--> login mapping will
    always persist and be consistent when C2 is strictly adhered to).

    E.g. here's a short list of some special-purpose IDs that may exist on
    some systems:
    adm
    alias
    aptproxy
    asg
    audit
    auth
    backup
    bin
    bind
    cron
    daemon
    Debian-exim
    dos
    faxmaster
    fetchmail
    ftp
    games
    gdm
    gnats
    gopher
    identd
    informix
    ingres
    irc
    list
    logcheck
    lp
    mail
    majordom
    man
    messagebus
    mmdf
    msql
    netplan
    network
    news
    nobody
    ntop
    nuucp
    operator
    oracle
    partimag
    postgres
    proxy
    qmaild
    qmaill
    qmailp
    qmailq
    qmailr
    qmails
    rwhod
    saned
    smmsp
    snort
    sshd
    sslwrap
    sync
    sys
    sysinfo
    telnetd
    tftpuser
    uucp
    www-data

    Michael Guest
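
One way to check that the four IDs from the original question are "properly locked down", as the last reply puts it. This is an added example, not code from any of the posters. The passwd/shadow contents are constructed sample data, and the function names (`write_sample`, `audit_service_ids`) and finding labels are hypothetical.

```shell
#!/bin/sh
# Added example: the account data below is constructed, not from a real host.

# write_sample DIR: create constructed passwd/shadow-format files in DIR.
write_sample() {
    cat > "$1/passwd" <<'EOF'
listen:x:37:4:Network Admin:/usr/net/nls:
nobody:x:60001:60001:NFS Anonymous Access User:/:/usr/bin/false
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:/sbin/nologin
noaccess:x:60002:60002:No Access User:/:/bin/sh
EOF
    cat > "$1/shadow" <<'EOF'
listen:*LK*:::::::
nobody:NP:6445::::::
nobody4:*:6445::::::
noaccess:$5$constructed$notarealhash:13000::::::
EOF
}

# audit_service_ids PASSWD SHADOW ID...
# Prints "name:uid:findings" for each requested ID ("ok" when locked down).
audit_service_ids() {
    passwd_file=$1; shadow_file=$2; shift 2
    awk -F: -v ids="$*" '
        BEGIN { n = split(ids, want, " ") }
        # The shadow file is read first: field 2 is the password field.
        FILENAME == ARGV[1] { hash[$1] = $2; next }
        { uid[$1] = $3; shell[$1] = $7 }
        END {
            for (i = 1; i <= n; i++) {
                id = want[i]; f = ""
                if (!(id in uid)) { print id "::missing"; continue }
                if (uid[id] == "0") f = f ",uid0"
                # An empty shell field means the default shell: a login shell.
                if (shell[id] !~ /\/(nologin|false)$/) f = f ",login_shell"
                # A leading ! or *, or the Solaris marker NP, is not a usable hash.
                if (!(id in hash)) f = f ",no_shadow_entry"
                else if (hash[id] == "") f = f ",empty_password"
                else if (hash[id] !~ /^[!*]/ && hash[id] != "NP") f = f ",password_set"
                print id ":" uid[id] ":" (f == "" ? "ok" : substr(f, 2))
            }
        }
    ' "$shadow_file" "$passwd_file"
}

# Stand-alone run against the constructed sample.
tmp=$(mktemp -d)
write_sample "$tmp"
audit_service_ids "$tmp/passwd" "$tmp/shadow" listen nobody nobody4 noaccess
rm -rf "$tmp"
```

On a real host, pass `/etc/passwd` and `/etc/shadow` (root is needed to read the latter); the per-ID output lines can go straight into the registration record the question mentions.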
