Building a Secure Web Server - Accounts management (Page 3 of 4 )
Remember, we’re not building an ordinary laptop or desktop; we’re building a secure server. Very few people—only administrators—should be able to log in. Therefore, we must strictly control who and what is going to have access to this machine.
This starts by identifying all users. On my fresh Ubuntu install, and most other versions of Linux or Unix, you simply list the contents of the /etc/passwd file to reveal the system’s users.
Look at that; 24 accounts were created on a fresh install! Most people don’t even know for what these accounts are used. Several of these accounts are not necessary for a web server, so Iwill disable them by assigning a shell that cannot log in (/bin/false):
Assigning a shell of /bin/false prevents a real person from being able to log in to the system via that account. After some time has passed, you may want to remove these accounts entirely.
On a Windows machine you can do this by right-clicking on My Computer and selecting Manage -> System Tools -> Local Users and Groups -> Users.
For what are these accounts used, and why do Ineed to have them enabled? Excellent questions. For a program to run as a process, make connection, or read and write from the file system it has to “run as” a user. The user accounts are for programs and processes that are part of the core install. If you can determine that a service is not necessary for your machine, you can disable the service and delete the corresponding account.
Finally, the security principle of least privilege should also apply to users. No user, application, or process should have more privileges than it needs to perform its functions. A common way for an attacker to gain higher operating privileges is to cause a buffer overflow in a program already running with superuser privileges. Software defects that allow a user to execute with superuser privileges are a huge security issue, and the fixing of such software is a major part of maintaining a secure system.