# Security: users created when ports installed



## LordInateur (Jun 29, 2012)

Quick question: during the installation of a port, in this case GNOME 2, one of the dependencies created a new user and new group (can't remember the name of the uid or gid). Is there a security risk if someone were trying to log in using the username, or does reserving a uid not necessarily mean that a profile will be created? I'm running FreeBSD 9 in a QEMU environment. Thank you.


----------



## ManaHime (Jun 29, 2012)

As far as I know, those users are created with "nologin" so you can't login using those accounts.


----------



## DutchDaemon (Jun 29, 2012)

And they're also password-less.


----------



## LordInateur (Jun 29, 2012)

That's the part that scares me. But if they are flagged with "nologin" then I suppose there's no point in having a password in any case.


----------



## kpa (Jun 29, 2012)

Read the passwd(5) manual page, it's all explained there. The conventions for disabling logins for accounts were worked out ages ago and still work as intended.


----------

