2

I want to know which users are necessary for a Unix/Linux system. I found a doc which told me that there were three necessary users: root, bin, and daemon.

For the user bin and the user daemon, I still can't understand what they are used for. Here is how the doc described them:

Notes: The bin User ID/Group ID is included for compatibility with legacy applications. New applications should no longer use the bin User ID/Group ID.
The daemon User ID/Group ID was used as an unprivileged User ID/Group ID for daemons to execute under in order to limit their access to the system. Generally daemons should now run under individual User ID/Group IDs in order to further partition daemons from one another.

Yves
  • 3,291

1 Answer

4

What are the bin and daemon users used for?

First, note that the document you’re referring to is the Linux Standard Base, and it lists requirements for systems to be considered LSB-compliant, not for them to be viable in general.

A long time ago, dæmons ran as root. This was eventually considered to be undesirable, since it meant that any dæmon could do anything it wanted in the system. So the daemon user was introduced: dæmons ran as user daemon, so they were limited to what that user could do.

The reasons for bin are in a similar vein, and have been obsolete for thirty years...

Nowadays, as mentioned in the LSB, they are only present for legacy reasons, i.e. to be able to run ancient software which assumes those users are present. Current software doesn’t need them.

What users are necessary on a Linux/Unix system?

The short answer to that is, whatever users are used by the system.

However, all Linux and Unix-style systems have policies which specify that a certain baseline can be assumed. This includes default system users and groups; see for example Debian Policy (which defines the framework) and the master list of Debian system users. Any Debian package can assume that those users are present: Policy specifies that they are

the same on every Debian system

(although Debian Policy is descriptive, not normative, it does set up a number of assumptions which the rest of Debian relies on).

So you can in theory remove any user and group which your system doesn’t currently use; however that may cause future breakage, as you install new packages or upgrade existing ones. (Admittedly, this is highly unlikely for bin and daemon.)

Stephen Kitt
  • 434,908
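An added example, not part of the question or the answer above: a check for which system accounts (such as bin and daemon) still run anything, and which are shared by several daemons rather than partitioned one per daemon. The function names, the UID cutoff of 999 for "system account", and the sample data (including the daemon name `legacyd`) are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample data, not taken from a real host.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
}
sample_ps() {   # "user command" pairs, the shape of: ps -e -o user= -o comm=
cat <<'EOF'
root systemd
root sshd
daemon atd
daemon legacyd
www-data nginx
www-data nginx
alice bash
EOF
}

# audit_accounts PASSWD_FILE PS_FILE [MAX_SYSTEM_UID]
# Prints one line per non-root system account, in passwd order:
#   "<user> unused"             no process runs as it (it may still own files)
#   "<user> shared <cmd,...>"   several distinct programs share the account
#   "<user> dedicated <cmd>"    exactly one program runs under it
audit_accounts() {
    awk -v max="${3:-999}" '
        NR == FNR {                       # first file: passwd(5) entries
            split($0, f, ":")
            if (f[3] + 0 > 0 && f[3] + 0 <= max) { sys[f[1]] = 1; order[++n] = f[1] }
            next
        }
        ($1 in sys) && !seen[$1 SUBSEP $2]++ {   # second file: unique user/command pairs
            cmds[$1] = (cmds[$1] ? cmds[$1] "," : "") $2; count[$1]++
        }
        END {
            for (i = 1; i <= n; i++) {
                u = order[i]
                if (!count[u])         print u, "unused"
                else if (count[u] > 1) print u, "shared", cmds[u]
                else                   print u, "dedicated", cmds[u]
            }
        }' "$1" "$2"
}

# Demo on the constructed data.
p=$(mktemp) && s=$(mktemp) || exit 1
sample_passwd > "$p"; sample_ps > "$s"
audit_accounts "$p" "$s"
rm -f "$p" "$s"
```

An account reported as unused here can still own files or be expected by a package, which is the future breakage the answer mentions.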