On Thu, Jan 05, 2006 at 11:37:37AM -0500, Steven M. Bellovin wrote:
> In message <2D9B97AF-F18F-4B5F-9E76-3F448F360E70@beer.org>, Herb Peyerl writes:
> >
> >On 5-Jan-06, at 4:13 AM, Eric wrote:
> >> I've been using NetBSD 2.0 for a few months, and just configured  
> >> kdm so that I can log-in graphically.  When I did so, I noticed two  
> >> other users - "nobody" and "cyrus" - listed on the display.
> >> I'm not that concerned about "nobody", but what/who is "cyrus"?  I  
> >> haven't added any other users to the system.  Cyrus' "Full Name"  
> >> according to kusers begins with instmp.  Is this a user needed for  
> >> the system, or has my system been compromised (I configured my own  
> >> ipf firewall based on an example from the FreeBSD handbook, and  
> >> haven't felt 100% comfortable with my work).
> >> I'd like to delete "cyrus" but don't want to muck things up.
> >
> >You probably added the Cyrus imapd client or cyrus-saslauth stuff.
> >
> >cyrus:*:1003:6:cyrus-sasl cyrus user:/nonexistent:/bin/sh
> >
> Perhaps packages that add userids should indicate that in the gecos 
> field:
> 
> 	cyrus:*:1003:6:cyrus-sasl cyrus user,pkg-imapd:/nonexistent:/bin/sh
> 
> or some such.  (tech-pkg added to the cc list.)

And maybe they could use the range below 1000 for UIDs, as those users are
in fact "system users".

Pavel Cahyna