
question about /etc/passwd entries


Mike Mueller

Sep 14, 2002, 5:50:06 PM
Why does my 2.2r6 system need a user called bin?

Why is the following entry in /etc/passwd in my 2.2r6?

bin:*:11812:0:99999:7:::

I am asking about this entry as a representative for others like it. I've
seen these entries referred to as virtual or pseudo users in some Google
searches. I thought they may be for setuid purposes but

$ find / -user bin -ls

yields no files owned by bin

I thought it might exist for authentication purposes, but the /etc/shadow file
for bin has a splat for a passwd which I interpret to mean that no one can
log in with that username.

I am stuck trying to figure this out. Any help would be a relief.
--
mueller, mike

The larger purpose of the economic order, including Wall Street, is to
support the material conditions for human existence, not to undermine and
destabilize them.

-Editorial, The Nation, August 19, 2002



Aaron Hall

Sep 14, 2002, 7:10:05 PM
On Sat, 14 Sep 2002, Mike Mueller wrote:

> Why does my 2.2r6 system need a user called bin?
>
> Why is the following entry in /etc/passwd in my 2.2r6?
>
> bin:*:11812:0:99999:7:::

Small nit: that looks like it's from /etc/shadow, not /etc/passwd.

> I am asking about this entry as a representative for others like it. I've
> seen these entries referred to as virtual or pseudo users in some Google
> searches. I thought they may be for setuid purposes but
>
> $ find / -user bin -ls
>
> yields no files owned by bin

[rest snipped]

Many of those entries are there for things that you might not use on
your system, and some appear to be there simply because they've always
been there.

There was a discussion on this just over a year ago, you can check out
the thread on the archives, starting here:

<http://lists.debian.org/debian-user/2001/debian-user-200108/msg00993.html>

- Aaron

--
Aaron Hall : We Are The Space Robots. We Are Here To
ah...@vitaphone.net : Protect You. We Are Here To Protect You
: From The Terrible Secret Of Space.

Macintosh/UNIX Geek, Network Flack, and...eh, whatever.
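
The passwd-versus-shadow distinction raised in this reply, as an added example that is not part of the original thread: a POSIX shell function that classifies an account line by its field count (7 for passwd(5), 9 for shadow(5)) and reports what the password field permits. The function name and the passwd-style sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: tell a passwd(5) line from a shadow(5)
# line by field count and report what the password field allows.

classify_entry() {
    printf '%s\n' "$1" | awk -F: '
    # kind is "passwd" or "shadow"; "x" is a placeholder only in passwd.
    function pwstate(p, kind) {
        if (p == "")                      return "empty"     # no password needed
        if (kind == "passwd" && p == "x") return "shadowed"  # hash is in shadow
        if (p ~ /^[*!]/)                  return "locked"    # no password matches
        return "hash"
    }
    NF == 7 {   # name:password:uid:gid:gecos:home:shell
        printf "passwd user=%s password=%s uid=%s gid=%s shell=%s\n",
               $1, pwstate($2, "passwd"), $3, $4, $7
        next
    }
    NF == 9 {   # name:password:lastchg:min:max:warn:inactive:expire:reserved
        printf "shadow user=%s password=%s lastchg_days=%s min_days=%s max_days=%s warn_days=%s\n",
               $1, pwstate($2, "shadow"), $3, $4, $5, $6
        next
    }
    { printf "unknown fields=%d\n", NF }'
}

# Sample input: the line quoted in the thread, then a constructed passwd-style
# line for comparison (its uid, gid and shell values are illustrative).
for line in 'bin:*:11812:0:99999:7:::' 'bin:x:2:2:bin:/bin:/bin/sh'; do
    classify_entry "$line"
done
```

A "locked" password field rules out password authentication only; it says nothing about whether processes can run under that uid or whether files are owned by it.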

Bob Proulx

Sep 14, 2002, 7:30:04 PM
Mike Mueller <mjm...@mindspring.com> [2002-09-14 17:45:03 -0400]:

> Why does my 2.2r6 system need a user called bin?
> $ find / -user bin -ls
> yields no files owned by bin

Prior to the introduction of NFS the typical owner of files in /bin,
/usr/bin, etc. was the 'bin' user for UNIX systems. This predates
Debian. The 'bin' user was a non-root and non-anyother user.

If you were to look at commercial systems such as hpux, aix, etc. you
would find that they still ship /bin files owned by the 'bin' user
even today. Changing the uid of the directories which contain system
files to 'root' is one of the common security hardening steps needed
when implementing one of those systems as an NFS server.

NFS changed the world overnight. NFS only implements root-squash, the
conversion of a privileged id into a non-privileged id, for root. It
does not do this for other users such as 'bin'. Therefore on a system
which might run NFS it was needed to convert the user to 'root' which
is protected across NFS. It turns out that 'root' is the only safe
owner of files over NFS.

Debian currently ships a password file that contains most of the
traditional UNIX accounts such as 'bin'. They are there because they
were always there. Removing them might in some way cause the system
to be less useful. They take up such a small amount of resource as to
be insignificant. There is no return on the investment to remove them
and test everything to make sure absolutely nothing would break
without them. Other systems also ship those same users in /etc/passwd
and this keeps Debian compatible with other systems.

Bob
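
The ownership check behind the hardening step described in this reply, as an added example that is not part of the original post: a POSIX shell audit that lists entries under system directories whose owner is not uid 0, the only id that root-squash remaps. The function names and the directory list in the usage comment are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are illustrative.

# Print every entry under the given directories whose owner is not uid $1.
# The owner is given as a number because NFS clients present numeric ids
# and root-squash remaps only uid 0.
not_owned_by() {
    nob_uid=$1; shift
    for nob_dir in "$@"; do
        [ -d "$nob_dir" ] || continue
        # -H follows a symlinked top-level directory; -xdev stays on one filesystem
        find -H "$nob_dir" -xdev ! -user "$nob_uid" -print 2>/dev/null
    done
}

# Print one summary line per directory; return non-zero if anything was found.
audit_system_dirs() {
    asd_uid=$1; shift
    asd_total=0
    for asd_dir in "$@"; do
        asd_n=$(not_owned_by "$asd_uid" "$asd_dir" | wc -l | tr -d ' ')
        printf '%s: %d entries not owned by uid %s\n' "$asd_dir" "$asd_n" "$asd_uid"
        asd_total=$((asd_total + asd_n))
    done
    [ "$asd_total" -eq 0 ]
}

# Usage: sh audit.sh /bin /sbin /usr/bin /usr/sbin   (audits against uid 0)
if [ "$#" -gt 0 ]; then
    audit_system_dirs 0 "$@"
fi
```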

nate

Sep 14, 2002, 8:00:07 PM
Mike Mueller said:
> Why does my 2.2r6 system need a user called bin?
>
> Why is the following entry in /etc/passwd in my 2.2r6?

> yields no files owned by bin


I think Debian likes to maintain consistency between uid:gid,
that is, if there is a uid 50 there should be a corresponding
gid 50 with the same name.

there are many files owned by group bin ..

that's my guess, I think it's a good idea to have a user:group
setup like this, makes things (for me) easier to manage.

nate

Mike Mueller

Sep 15, 2002, 10:20:05 PM

On Saturday 14 September 2002 19:06, Aaron Hall wrote:
> On Sat, 14 Sep 2002, Mike Mueller wrote:
> > Why does my 2.2r6 system need a user called bin?

<snip>

> There was a discussion on this just over a year ago, you can check out
> the thread on the archives, starting here:
>
> <http://lists.debian.org/debian-user/2001/debian-user-200108/msg00993.html>
>

Bang on! Has this info and the response from Bob Proulx and others been
pulled into a document of any sort? I think it ought to be in the System
Administrator's Guide or a Linux Authentication HOWTO.

--
mueller, mike


Osamu Aoki

Sep 16, 2002, 3:30:08 PM
On Sun, Sep 15, 2002 at 10:16:52PM -0400, Mike Mueller wrote:
> > On Sat, 14 Sep 2002, Mike Mueller wrote:
> > > Why does my 2.2r6 system need a user called bin?
> <snip>
> > <http://lists.debian.org/debian-user/2001/debian-user-200108/msg00993.html>
> >
> Bang on! Has this info and the response from Bob Proulx and others been
> pulled into a document of any sort? I think it ought to be in the System
> Administrator's Guide or a Linux Authentication HOWTO.

I think it is in Securing Debian Manual.

It can be located in CVS version of web page (See URL below) and in
unstable archive (I hope by now) as harden-doc package:

http://www.debian.org/doc/manuals/securing-debian-howto/

I recommend reading our DDP documents:

Debian FAQ
Debian Reference
Securing Debian Manual

Cheers:-)

--
~\^o^/~~~ ~\^.^/~~~ ~\^*^/~~~ ~\^_^/~~~ ~\^+^/~~~ ~\^:^/~~~ ~\^v^/~~~ +++++
Osamu Aoki @ Cupertino CA USA, GPG-key: A8061F32
.''`. Debian Reference: post-installation user's guide for non-developers
: :' : http://www.debian.org/doc/manuals/reference/ also http://qref.sf.net
`. `' "Our Priorities are Our Users and Free Software" --- Social Contract

Mike Mueller

Sep 17, 2002, 8:50:05 AM
On Monday 16 September 2002 15:21, Osamu Aoki wrote:
> On Sun, Sep 15, 2002 at 10:16:52PM -0400, Mike Mueller wrote:
> > > On Sat, 14 Sep 2002, Mike Mueller wrote:
> > > > Why does my 2.2r6 system need a user called bin?
> >
> > <snip>
> >
> > > <http://lists.debian.org/debian-user/2001/debian-user-200108/msg00993.html>
> >
> > Bang on! Has this info and the response from Bob Proulx and others been
> > pulled into a document of any sort? I think it ought to be in the System
> > Administrator's Guide or a Linux Authentication HOWTO.
>
> I think it is in Securing Debian Manual.

Yep. Thanks.
http://www.debian.org/doc/manuals/securing-debian-howto/ch11.en.html
Section 11.1.12.1

>
> It can be located in CVS version of web page (See URL below) and in
> unstable archive (I hope by now) as harden-doc package:
>
> http://www.debian.org/doc/manuals/securing-debian-howto/
>
> I recommend to read our DDP documents
>
> Debian FAQ
> Debian Reference
> Securing Debian Manual
>
> Cheers:-)

--
mueller, mike
