System special user accounts
AIX® provides a default set of system special user accounts that prevents the root and system accounts from owning all operating system files and file systems.
Attention: Use caution when removing a system special
user account. You can disable a specific account by inserting an asterisk
(*) at the beginning of its corresponding line of the /etc/security/passwd file. However, be careful not to disable the root user account.
If you remove system special user accounts or disable the root account,
the operating system will not function.
The following accounts are predefined in the operating system:
- adm
- The adm user account owns the following basic system functions:
- Diagnostics, the tools for which are stored in the /usr/sbin/perf/diag_tool directory.
- Accounting, the tools for which are stored in the following directories:
- /usr/sbin/acct
- /usr/lib/acct
- /var/adm
- /var/adm/acct/fiscal
- /var/adm/acct/nite
- /var/adm/acct/sum
- bin
- The bin user account typically owns the executable files for most user commands. This account's primary purpose is to help distribute the ownership of important system directories and files so that everything is not owned solely by the root and sys user accounts.
- daemon
- The daemon user account exists only to own and run system server processes and their associated files. This account guarantees that such processes run with the appropriate file access permissions.
- nobody
- The nobody user account is used by the Network File System (NFS)
to enable remote printing. This account exists so that a program can
permit temporary root access to root users. For example, before enabling
Secure RPC or Secure NFS, check the /etc/public key on the master NIS server to find a user who has not been assigned
a public key and a secret key. As root user, you can create an entry
in the database for each unassigned user by entering:
newkey -u username
- root
- The root user account, UID 0, through which you can perform system maintenance tasks and troubleshoot system problems.
- sys
- The sys user owns the default mounting point for the Distributed File Service (DFS) cache, which must exist before you can install or configure DFS on a client. The /usr/sys directory can also store installation images.
- system
- System group is a system-defined group for system administrators. Users of the system group have the privilege to perform some system maintenance tasks without requiring root authority.