Security: users created when ports installed

[LordInateur]

Quick question: during the installation of a port, in this case GNOME 2, one of the dependencies created a new user and new group (can't remember the name of the uid or gid). Is there a security risk if someone were trying to log in using the username, or does reserving a uid not necessarily mean that a profile will be created? I'm running FreeBSD 9 in a QEMU environment. Thank you.

 

[ManaHime]

As far as I know, those users are created with "nologin" so you can't login using those accounts.

 

[DutchDaemon]

And they're also password-less.

 

[LordInateur]

That's the part that scares me. But if they are flagged with "nologin" then I suppose there's no point in having a password in any case.

 

[kpa]

Read the passwd(5) manual page, it's all explained there. The conventions for disabling logins for accounts were worked out ages ago and still work as intended.