Subject: Re: User that I didn't add appearing on NetBSD system
To: Herb Peyerl <hpeyerl@beer.org>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: tech-pkg
Date: 01/05/2006 11:37:37
In message <2D9B97AF-F18F-4B5F-9E76-3F448F360E70@beer.org>, Herb Peyerl writes:
>
>On 5-Jan-06, at 4:13 AM, Eric wrote:
>> I've been using NetBSD 2.0 for a few months, and just configured
>> kdm so that I can log-in graphically. When I did so, I noticed two
>> other users - "nobody" and "cyrus" - listed on the display.
>> I'm not that concerned about "nobody", but what/who is "cyrus"? I
>> haven't added any other users to the system. Cyrus' "Full Name"
>> according to kusers begins with instmp. Is this a user needed for
>> the system, or has my system been compromised (I configured my own
>> ipf firewall based on an example from the FreeBSD handbook, and
>> haven't felt 100% comfortable with my work).
>> I'd like to delete "cyrus" but don't want to muck things up.
>
>You probably added the Cyrus imapd client or cyrus-saslauth stuff.
>
>cyrus:*:1003:6:cyrus-sasl cyrus user:/nonexistent:/bin/sh
>
Perhaps packages that add userids should indicate that in the gecos
field:
cyrus:*:1003:6:cyrus-sasl cyrus user,pkg-imapd:/nonexistent:/bin/sh
or some such. (tech-pkg added to the cc list.)
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb