Dave Sherohman wrote: > > How can anonymous FTP be enabled when I have no FTP server installed? > > Is a config file present in /etc?
What would it be called? There are no files matching the glob "/etc/ftp*". > It can potentially make superuser access easier to crack unless both > accounts have strong passwords. More generally, I suspect that this > is flagged because it could indicate that your system has been > compromised and an illicit superuser has been created. Fair enough. Do I really need sash for anything? Does it really need to have its own account? > > that aside, what should be the shell for a disabled account? /bin/false? > > That's probably the most common choice. So should I set the shell to /bin/false for all accounts that shouldn't allow a tty or console login? That would include postgres, mail, www-data, daemon, bin, sys, man, games, lp, uucp, backup, operator, nobody... For that matter, can some of these be safely deleted? I can tell that some of them relate to specific services, but I don't know why there's a "games" user, for example. I gather the "games" group has to do with shared access to system-wide high-score files, but does a corresponding user account have to exist also? Craig
