It is important to DISABLE ALL default vendor accounts that you don't use on your system, some accounts exist by default even if you have not installed the related services on your server. This
should be checked after each upgrade or new software installation. Linux provides these accounts for various system activities, which you may not need if the services are not installed on your
server. If you do not need the accounts, remove them. The more accounts you have, the easier it is to access your system.
We assume you are using the Shadow password suite on your Linux system. If you are not, you should consider doing so, as it helps to tighten up security somewhat. This must already be set if
you've followed our instructions till now and selected under the Authentication Configuration the option to Enable Shadow Passwords see
Post Partitioning for more information.
To delete user on your system, use the command:
[root@deep] /# userdel username
To delete group on your system, use the command:
[root@deep] /# groupdel username
Type the following commands on your terminal to delete users listed below:
Delete this user if you don't use X Window Server.
Delete this user if you don't use ftp anonymous server.
By default, the userdel command will not delete a user's home directory. If you want the home directories of accounts to be deleted too, then
add the -r option to the userdel command.
Type the following commands on your terminal to delete the usersgroups listed below:
Changing password for user admin
New UNIX password: somepasswd
passwd: all authentication tokens updated successfully
The immutable bit can be used to prevent accidentally deleting or overwriting a file that must be protected. It also prevents someone from creating a symbolic link to this file, which has been the source of attacks involving the deletion
of /etc/passwd, /etc/shadow, /etc/group or /etc/gshadow.
To set the immutable bit on the passwords and groups files, use the command:
:
In future, if you intend to add or delete users, passwords, usergroups, or group files, you must unset the immutable bit on all those files or you will not be able to make your changes. Also if you intend to install an RPM program that will automatically add a new user to the different
immunized passwd and group files, then you will receive an error message during the install if you have not unset the immutable bit from those files.