Originally posted by: chandru0078

Dear Friends

I'm on the mid implementing security features on our production servers.So need verification on the ID part.According to our security team policy we need to disable
unwanted IDs if possible.Can we "lock" below listed IDs ?
daemon
bin
sys
adm
uucp
guest
nobody
lpd
lp
invscout
snapp
ipsec
nuucp
sshd

Finding from secuirty redbook.
The following table lists the most common default user IDs that you might be able to remove:
User ID Description
uucp, nuucp ---Owner of hidden files used by uucp protocol
lpd---- Owner of files used by printing subsystem
imnadm -----IMN search engine (used by Documentation Library Search)
guest-- Allows access to users who do not have access to accounts
The following table lists common group IDs that might not be needed:
Group ID Description
uucp --Group to which uucpand nuucp users belong
printq --Group to which lpd user belongs
imnadm-- Group to which imnadm user belongs

Apart of this IDs can be lock sys,bin.deamon,ipsec e.i..?There will be any impact if we lock above IDs?
#AIX-Forum

Originally posted by: nagger

From a quick look at my systems these should already be locked.

Either with a

• "*" in the /etc/passwd file
• "password = *" in the /etc/security/passwd file

Nobody should be able to login with these user id's with telnet or other tools.
They are used internally for security and file permissions.

Of course, this is just my opinion.

Hope this helps, N
#AIX-Forum