2
I'm preparing to expose my server to the internet and would like to be as secure as I can be. I've taken security through obscurity measures such as changing from the default port 22, I've made sure root login is disabled, and I'm looking over who can log in. This final part is what has me slightly concerned:
I understand any login directed to /bin/false or /usr/sbin/nologin will be either refused or immediately exited. So I know not to worry about these. However, when running the command:
cat /etc/passwd | grep -v /bin/false | grep -v /usr/sbin/nologin
I get the following output:
root:x:0:0:root:/root:/bin/bash
sync:x:4:65534:sync:/bin:/bin/sync
will:x:1000:1000:will,,,:/home/will:/bin/bash
I've been trying to look up what sync is used by or how it works to no avail. I assume there likely isn't an entry point from remote logins to the user 'sync' but... What is this? Do I need to need to do anything to ensure it isn't a security risk and what is it used for?
I actually saw this post early on in my search but didn't fully make the connection to /bin/sync being completely insignificant. I believe I was thrown off by the placement of the quote in the responses first paragraph, and your explanation drew it out in a way a complete beginner could understand. – Will – 2020-01-12T19:06:25.227