Is there any documentation for system users/accounts with a detailed description of their purpose and requirement? I have been unsuccessful in locating anything regarding this information for a security audit.
You are referring to accounts like root, bin, daemon, adm, lp, sync, operator, gopher, rpcuser, and such? Usually, user accounts start at uid 500, and ones below that (mostly below 100) are system accounts. Some of them have some description in /etc/passwd, and some do not. To determine the default system accounts and groups, you can install a clean system in a virtual machine and look at /etc/passwd and /etc/group. When you install system add-on components such as Samba, you will get more system accounts set up, such as smbprint for Samba print services. Sorry, but I don't know all of them, or what they do, though I can surmise from the names found. Have you looked on either the Linux kernel or Linux documentation project web sites? If not, here is where you can find them:
Originally Posted by Theresa Seiber
The Linux Kernel Archives
The Linux Documentation Project
You can find a lot of this sort of information there.