Why do syslog and uml-net have /home in /etc/passwd?
Can someone explain why users syslog and uml-net have /home in /etc/passwd, even though these directories in /home don't actually exist?
cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
syslog:x:101:104::/home/syslog:/bin/false
...
uml-net:x:107:111::/home/uml-net:/bin/false
...
edited Mar 23 '17 at 13:19 by Zanna
asked Mar 23 '17 at 12:53 by CppLearner
2 Answers
Inherited from old times and to not break stuff. Every line in /etc/passwd needs a home (see the addition below). And /etc/passwd is something we take as is as part of the Linux system (and not a Debian/Ubuntu specific feature).
In the old days syslog-ng was pretty common and that used /home/syslog/ to create a directory in there for each data source type.
Before the switch to systemd using rsyslog, storing logs in /var/log/syslog was more common. And systemd uses /run/systemd/journal/syslog.
See the man page:
/etc/passwd contains one line for each user account,
with seven fields delimited by colons (“:”). These fields are:
· login name
· optional encrypted password
· numerical user ID
· numerical group ID
· user name or comment field
· user home directory
· optional user command interpreter
The encrypted password and user command interpreter explicitly are mentioned as "optional". So I would assume the others are mandatory.
edited Mar 23 '17 at 13:58
answered Mar 23 '17 at 13:52 by Rinzwind
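The seven-field layout quoted from the man page above, as an added example that is not part of the original answer: it parses passwd lines and lists accounts whose home path is not a directory, along with whether the account's shell allows login. The NOLOGIN_SHELLS set, the helper names and the `alice` line are assumptions made for illustration.

```python
import os
from typing import Callable, NamedTuple

# Assumed list of shells that refuse interactive login; adjust for your distribution.
NOLOGIN_SHELLS = {"/bin/false", "/usr/sbin/nologin", "/sbin/nologin"}

class Entry(NamedTuple):
    name: str
    password: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str

def parse_passwd(text: str) -> list:
    """Parse passwd(5) text; raise ValueError on a malformed line."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(parts)}")
        name, pw, uid, gid, gecos, home, shell = parts
        if not name or not uid.isdecimal() or not gid.isdecimal():
            raise ValueError(f"line {lineno}: bad login name, UID or GID")
        entries.append(Entry(name, pw, int(uid), int(gid), gecos, home, shell))
    return entries

def missing_homes(entries, is_dir: Callable[[str], bool] = os.path.isdir):
    """Return (name, home, can_login) for accounts whose home is not a directory."""
    # An empty shell field means the default shell (/bin/sh), so login stays possible.
    return [(e.name, e.home, e.shell not in NOLOGIN_SHELLS)
            for e in entries if not is_dir(e.home)]

# Constructed sample: the question's three lines plus one hypothetical login account.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
syslog:x:101:104::/home/syslog:/bin/false
uml-net:x:107:111::/home/uml-net:/bin/false
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

if __name__ == "__main__":
    for row in missing_homes(parse_passwd(SAMPLE)):
        print(row)
```

A row with can_login False is the situation in the question (a service account with a placeholder home); a row with can_login True is the one worth a closer look.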
In my case the user was possibly created by a malicious crypto mining script; the giveaway was that it was the last user added:
...
uml-net:x:114:118::/nonexistent:/bin/false
The server was likely infected by this: https://security.stackexchange.com/questions/201263/a-process-called-watchbog-is-mining-crypto-currency-in-our-server-how-do-i-st?noredirect=1&lq=1
It also left an SSH public key login backdoor and various modified cron hooks. Your best bet is to re-install the server with the latest updates, and revision track /etc/ to help you notice differences - the latter helped me.
Some files had user group Debian-exim, so likely this server got compromised due to this: https://www.linuxtechnews.com/cve-2019-10149-debian-has-released-critical-security-update-for-exim/
edited Jun 14 at 17:42
answered Jun 14 at 17:08 by Daniel Sokolowski
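The revision-tracking advice in this answer, as an added example that is not part of the original answer: it compares a saved copy of /etc/passwd with the current file and reports added accounts, removed accounts and per-field changes. BASELINE and CURRENT are constructed samples (the uml-net line is the one quoted in the answer), and the function names are assumptions.

```python
FIELDS = ("password", "uid", "gid", "gecos", "home", "shell")

def load(text):
    """Map login name -> dict of the remaining six passwd(5) fields."""
    accounts = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) == 7:  # lines without seven fields are skipped
            accounts[parts[0]] = dict(zip(FIELDS, parts[1:]))
    return accounts

def diff_passwd(baseline_text, current_text):
    """Return added and removed login names plus per-field changes."""
    old, new = load(baseline_text), load(current_text)
    changed = {}
    for name in old.keys() & new.keys():
        delta = {f: (old[name][f], new[name][f])
                 for f in FIELDS if old[name][f] != new[name][f]}
        if delta:
            changed[name] = delta
    return {
        "added": [n for n in new if n not in old],    # keeps file order
        "removed": [n for n in old if n not in new],
        "changed": changed,
    }

# Constructed baseline snapshot, e.g. taken right after installation.
BASELINE = """\
root:x:0:0:root:/root:/bin/bash
syslog:x:101:104::/home/syslog:/bin/false
"""
# Constructed current state: one field changed, one account appended.
CURRENT = """\
root:x:0:0:root:/root:/bin/bash
syslog:x:101:104::/nonexistent:/bin/false
uml-net:x:114:118::/nonexistent:/bin/false
"""

if __name__ == "__main__":
    print(diff_passwd(BASELINE, CURRENT))
```

An added account is not proof of compromise, since package installs create service users too, so each entry in "added" should be matched against a package or change record.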