Home / server / Questions / 53283
Accepted
Matthieu
Asked: 2009-08-13 08:05:31 +0800 CST

Debian and users

  • 772

After a fresh GNU/Linux Debian install I can see that a lot of users are created:

  • daemon
  • bin
  • sys
  • games
  • man
  • lp
  • mail
  • news
  • uucp
  • proxy
  • list
  • irc
  • gnats
  • Debian-exim
  • statd
  • identd

This os is running on a server. I don't have games, printer, news server, irc server...

Are these users useful? Can I remove some of them?

I did not find any documentation about this :(

linux debian user-management

4 Answers

  1. Best Answer

    You could remove them but there isn't really a strong reason to do so since they are all disabled. The documentation about these accounts can be found in the local file /usr/share/doc/base-passwd/users-and-groups.html. Many packages depend on these accounts existing, and if you ever software that requires one of these accounts the newly added package will fail.

    Debian calls these global static accounts.

    The Debian base-passwd package contains the master versions of /etc/passwd and /etc/group. The update-passwd tool keeps the entries in these master files in sync on all Debian systems. They comprise only "global static" ids: that is, those which are reserved globally for the benefit of packages which need to include files owned by those users or groups, or need the ids compiled into binaries. Since this reservation is a serious restriction, these ids must be allocated by the base-passwd maintainer on request. In general, packages should avoid requesting such ids where possible and instead allocate system users or groups dynamically. See Debian Policy for further details.

    • 11

  2. Sorry this isn't a direct answer, but I think this might be helpful still...

    A Philosophy towards 'tweaking':
    It is fun to tweak things, but generally, the people who made a distribution or OS know what they are doing. Unless you have specific requirements, for example, a VPS with limited resources, you should just let it be. And if that is the case, you might want to look at a light version of the distribution, where many eyes have looked at it and figured out what can go.

    This stuff doesn't really use a lot of resources, and is generally configured these days so they are not causing security holes. If they are causing security holes, updates on a good distribution are released fast and frequently. Going and tweaking is probably just going to screw up upgrades, or you are going to try to install something and it isn't going to work because of a tweak you did.

    It is great to learn about what these users are for, and the curious attitude is a good one, but do it in a lab environment. :-)

    • 7

  3. The short answer is no, you can't do it safely.

    The long one is a corollary of the Zoredache's answer, as this is a maintainers enforced base set of users they are (or could be) supposed to exists by every package, eventually not testing for this fact (ok, they should ... but we know that Murphy looks at us!). This can led to a very subtle corruption of some behavior of possible future package you could install or update in the future. You could remove them, but it is safest and strongly recommended to leave them at they place!

    • 3

  4. I would recommend not removing any of them. It isn't a necessary thing.

    Those accounts should be configured without passwords and thus not allowed to login, so there's no harm in leaving them there.

    • 1