Delete Unnecessary Accounts from the System
If accounts irrelevant to your services exist in the system, attackers may exploit them to launch attacks. To mitigate security risks, the system should retain only the accounts required for services. All other accounts used for installation, deployment, commissioning, verification, and troubleshooting must be deleted.
By default, openEuler retains only the essential accounts required for system operation.
- Determine whether there are any accounts irrelevant to your services based on your service scenarios. You can run the following command to list all accounts in the system:
cat /etc/passwd | awk -F ":" '{print $1}'Follow these steps:
- Run the preceding command on a platform where no services are deployed to obtain all account information.
- Run the same command on a fully deployed service platform to obtain its account information.
- Compare the two outputs and analyze the differences to verify whether they align with your intended service design.
- If any service-irrelevant accounts are found, delete them using the following steps:
- Find all files owned by the account and manually delete them using the rm command. The following uses the test user as an example. The /home/test directory can be automatically deleted using parameters when the account is deleted. In the command, xxx represents the file or directory to be deleted:
find / -user test rm xxx -rf
- Delete the account, including the /home/test directory.
userdel -rf test
- Find all files owned by the account and manually delete them using the rm command. The following uses the test user as an example. The /home/test directory can be automatically deleted using parameters when the account is deleted. In the command, xxx represents the file or directory to be deleted:
Parent topic: Manual Configuration Items