-1

I would like to delete all users present by default on my Debian,
but I wonder what can happen if I delete them...

I am learning Linux, so I want to clean everything except root and play around with users, groups, permissions, etc.

On this system I will only need to use apache, ssh, ftp.

It seems that running cat /etc/passwd shows me the users by creation date. If so, what is the last default user created after the initial installation?

I also have a www-data user. After the Debian-gdm user I have the following:

ammps <-- should come from apt-get install ampps
mysql <-- should come from apt-get install ampps
ftp <-- should come from apt-get install ampps
sshd <-- should come from apt-get install openssh

neoDev
  • 129

2 Answers

2

On each Unix-like system, /etc/passwd contains a mixture of privileged (or system) and ordinary users. Most of these systems reserve the initial 0 to (some number) for the former. On Debian, ordinary users start with 1000.

For instance, here is the predefined part of /etc/passwd from Debian 7:

root:x:0:0:root:/root:/bin/bash                                            
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
messagebus:x:101:105::/var/run/dbus:/bin/false
colord:x:102:106:colord colour management daemon,,,:/var/lib/colord:/bin/false
usbmux:x:103:46:usbmux daemon,,,:/home/usbmux:/bin/false
Debian-exim:x:104:111::/var/spool/exim4:/bin/false
statd:x:105:65534::/var/lib/nfs:/bin/false
avahi:x:106:114:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false
bind:x:107:115::/var/cache/bind:/bin/false
pulse:x:108:116:PulseAudio daemon,,,:/var/run/pulse:/bin/false
speech-dispatcher:x:109:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh
sshd:x:110:65534::/var/run/sshd:/usr/sbin/nologin
rtkit:x:111:118:RealtimeKit,,,:/proc:/bin/false
saned:x:112:120::/home/saned:/bin/false
Debian-gdm:x:113:121:Gnome Display Manager:/var/lib/gdm3:/bin/false

Packages (such as apache2) may add a user, such as www-data. I found this by doing

dpkg -l

and looking for apache.

You can see the processes used by apache by using ps -ef to list processes along with the pathnames of the executables which are run. For instance, I typed

ps -ef |grep apache

and see (ignoring a line showing the "grep" command):

root       2777      1  0 08:42 ?        00:00:00 /usr/sbin/apache2 -k start
www-data   2924   2777  0 08:42 ?        00:00:00 /usr/sbin/apache2 -k start
www-data   2925   2777  0 08:42 ?        00:00:00 /usr/sbin/apache2 -k start
www-data   2926   2777  0 08:42 ?        00:00:00 /usr/sbin/apache2 -k start
www-data   2929   2777  0 08:42 ?        00:00:00 /usr/sbin/apache2 -k start
www-data   2932   2777  0 08:42 ?        00:00:00 /usr/sbin/apache2 -k start

The first column is the user name from /etc/passwd, and the pathnames shown on the right are those which happen to be running, and (per Debian convention) have apache installed as "apache2". Other packages may require more work to find a suitable list of programs to inspect, but ps is a good starting point to see which things actually are running and in use.

As a rule, you should not simply remove a user, because that will leave files with unknown ownership. Start by removing the package which installed that user, then use find to look for files which might be left over.

If you remove a user without removing all of the files, and subsequently do ls -l, you will see only numbers for the ownership rather than a name. And if you create a new user, it may use those numbers, leading to lots of confusion.

www-data is in the predefined list, since it is often installed (and it helps with recovery from failures to have known uid values). Some other systems may install fewer predefined users.

Further reading:

Thomas Dickey
  • 76,765
  • 1
    right - a newer version of Debian likely adds another user or two. – Thomas Dickey Dec 27 '15 at 13:56
  • Can you be more precise about how to check if something is left over? – neoDev Dec 27 '15 at 14:08
  • How do I interpret ps -ef | grep apache output? – neoDev Dec 27 '15 at 14:10
  • What happens to files and folders left with unknown ownership? – neoDev Dec 27 '15 at 14:11
  • “Privileged” is a really bad way to put it. These users aren't privileged: there's no difference in permissions. The only user that's intrinsically privileged is root (more precisely, UID 0). There are accounts used by system services and users used by human users. – Gilles 'SO- stop being evil' Dec 27 '15 at 19:42
  • That was the closest I could recall offhand to the term for owners of daemon processes (terminology is always a problem). – Thomas Dickey Dec 27 '15 at 20:58
  • @Roger, the user/group recorded in /etc are just for human consumption. If there is a file owned by user number 1001, it just has no user name associated (and no way to log in as that user, obviously) if it isn't recorded in /etc/passwd and so. – vonbrand Dec 27 '15 at 22:32
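
An added example, not part of the original answer or its comments, showing one way to check for leftovers after an account has been removed: it compares each file's numeric owner and group against passwd and group files and lists the entries that no longer map to a name. The function names `orphans` and `demo`, the sample paths and the sample account data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer). Reports files whose numeric
# owner or group has no entry in the account databases.
# Listing format on stdin: "UID GID PATH", e.g. from GNU find:
#   find / -xdev -printf '%U %G %p\n' | orphans /etc/passwd /etc/group

orphans() {   # usage: orphans PASSWD_FILE GROUP_FILE < listing
    awk -v pw="$1" -v gr="$2" '
        BEGIN {
            # Field 3 of passwd(5) and group(5) is the numeric id.
            while ((getline line < pw) > 0) { split(line, f, ":"); uid[f[3]] = 1 }
            while ((getline line < gr) > 0) { split(line, f, ":"); gid[f[3]] = 1 }
        }
        {
            path = $0
            sub(/^[0-9]+ [0-9]+ /, "", path)    # keep spaces inside the path
            if (!($1 in uid))      print "nouser",  $1, $2, path
            else if (!($2 in gid)) print "nogroup", $1, $2, path
        }'
}

demo() {      # constructed sample data: the account with uid 1001 was deleted
    d=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
                  'www-data:x:33:33:www-data:/var/www:/bin/sh' > "$d/passwd"
    printf '%s\n' 'root:x:0:' 'www-data:x:33:' > "$d/group"
    printf '%s\n' '0 0 /etc/hostname' \
                  '33 33 /var/www/index.html' \
                  '1001 1001 /srv/ftp/old upload.txt' \
                  '33 121 /var/www/cache' | orphans "$d/passwd" "$d/group"
    rm -rf "$d"
}

demo
```

On a live system, `find / -xdev \( -nouser -o -nogroup \) -print` performs the same test directly against the filesystem.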
0

You can delete any user account that you do not need. If you are running apache, then you may not want to delete the apache user. So you can delete a user if any service you need is not running as that user. And you can always add them back if you want.

Ijaz Ahmad
  • 7,202