Subject: Re: User that I didn't add appearing on NetBSD system
To: Herb Peyerl <hpeyerl@beer.org>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: tech-pkg
Date: 01/05/2006 11:37:37
In message <2D9B97AF-F18F-4B5F-9E76-3F448F360E70@beer.org>, Herb Peyerl writes:
>
>On 5-Jan-06, at 4:13 AM, Eric wrote:
>> I've been using NetBSD 2.0 for a few months, and just configured  
>> kdm so that I can log-in graphically.  When I did so, I noticed two  
>> other users - "nobody" and "cyrus" - listed on the display.
>> I'm not that concerned about "nobody", but what/who is "cyrus"?  I  
>> haven't added any other users to the system.  Cyrus' "Full Name"  
>> according to kusers begins with instmp.  Is this a user needed for  
>> the system, or has my system been compromised (I configured my own  
>> ipf firewall based on an example from the FreeBSD handbook, and  
>> haven't felt 100% comfortable with my work).
>> I'd like to delete "cyrus" but don't want to muck things up.
>
>You probably added the Cyrus imapd client or cyrus-saslauth stuff.
>
>cyrus:*:1003:6:cyrus-sasl cyrus user:/nonexistent:/bin/sh
>
Perhaps packages that add userids should indicate that in the gecos 
field:

	cyrus:*:1003:6:cyrus-sasl cyrus user,pkg-imapd:/nonexistent:/bin/sh

or some such.  (tech-pkg added to the cc list.)

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb