# which ones are the default users



## zodehala (Oct 1, 2009)

which ones are the default users ? 


```
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5:System &:/:/usr/sbin/nologin
bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin
tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin
kmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologin
games:*:7:13:Games pseudo-user:/usr/games:/usr/sbin/nologin
news:*:8:8:News Subsystem:/:/usr/sbin/nologin
man:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin
mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin
proxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
_pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin
_dhcp:*:65:65:dhcp programs:/var/empty:/usr/sbin/nologin
uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
pop:*:68:6:Post Office Owner:/nonexistent:/usr/sbin/nologin
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
pgsql:*:70:70:PostgreSQL Daemon:/var/db/pgsql:/bin/sh
ssp:*:1001:20:User &:/home/ssp:/bin/sh
ssp-root:*:1002:20:User &:/home/ssp-root:/usr/local/bin/bash
admin:*:1003:0:User &:/home/admin:/usr/local/bin/bash
```


----------



## SirDice (Oct 1, 2009)

Hint: the first user accounts created (with adduser or similar tools) have UID 1001


----------



## dennylin93 (Oct 1, 2009)

All the users apart from pgsql, ssp, ssp-root, and admin are default ones.


----------



## zodehala (Oct 1, 2009)

how can i know which ones have root previliges ?


----------



## SirDice (Oct 1, 2009)

Look for the ones with UID 0.


----------



## fonz (Oct 1, 2009)

zodehala said:
			
		

> how can i know which ones have root previliges ?



UID=0 (true root accounts)
GID=0 (wheel, allowed to su(1) to root
check /etc/sudoers.conf (if sudo has been installed)
anyone you gave the root password to
crackers, if any


----------



## dennylin93 (Oct 2, 2009)

fonz said:
			
		

> UID=0 (true root accounts)
> GID=0 (wheel, allowed to su(1) to root
> check /etc/sudoers.conf (if sudo has been installed)
> anyone you gave the root password to
> crackers, if any



The default path of the configuraton file for security/sudo should be /usr/local/etc/sudoers.


----------



## fonz (Oct 2, 2009)

dennylin93 said:
			
		

> The default path of the configuraton file for security/sudo should be /usr/local/etc/sudoers.


Yeah, you're right. I usually have it symlinked to /etc though.

Alphons (force of habit)


----------

