Linux Security HOWTO
: Local Security
: Creating New Accounts
4.1. Creating New Accounts
You should make sure you provide user accounts with only the minimal
requirements for the task they need to do. If you provide your son
(age 10) with an account, you might want him to only have access to a
word processor or drawing program, but be unable to delete data that
is not his.
Several good rules of thumb when allowing other people legitimate
access to your Linux machine:
- Give them the minimal amount of privileges they need.
- Be aware when/where they log in from, or should be logging in from.
- Make sure you remove inactive accounts, which you can determine by
using the 'last' command and/or checking log files for any activity by
the user.
- The use of the same userid on all computers and networks is advisable
to ease account maintenance, and permits easier analysis of log
data.
- The creation of group user-ids should be absolutely prohibited. User
accounts also provide accountability, and this is not possible with
group accounts.
Many local user accounts that are used in security compromises have
not been used in months or years. Since no one is using
them, they provide the ideal attack vehicle.
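One way to carry out the inactive-account check described above, as an added example that is not part of the original HOWTO: it cross-references /etc/passwd entries with `last -F` output and flags accounts that are idle or have no recorded login. The sample data is constructed, and the UID threshold of 1000 and the 90-day limit are assumptions to adjust for your system.

```python
import re
from datetime import datetime, timedelta
# Constructed sample data, not taken from a real host.
PASSWD = """\
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
carol:x:1002:1002:Carol:/home/carol:/bin/zsh
"""
LAST_F = """\
alice    pts/0    192.0.2.10    Mon Jan  6 09:12:03 2025 - Mon Jan  6 17:30:11 2025  (08:18)
bob      pts/1    192.0.2.11    Tue Mar  5 08:00:00 2024 - Tue Mar  5 08:30:00 2024  (00:30)
reboot   system boot  5.15.0    Mon Jan  6 09:00:00 2025   still running

wtmp begins Mon Jan  1 00:00:00 2024
"""
STAMP = re.compile(r"[A-Z][a-z]{2} ([A-Z][a-z]{2}) +(\d+) (\d\d:\d\d:\d\d) (\d{4})")

def interactive_users(passwd_text, min_uid=1000):
    """Accounts with a human-range UID (assumed >= 1000) and a real login shell."""
    users = []
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) == 7 and int(f[2]) >= min_uid and not f[6].endswith(("nologin", "false")):
            users.append(f[0])
    return users

def last_logins(last_text):
    """Map user -> newest login time; the first timestamp on a line is the login."""
    seen = {}
    for line in last_text.splitlines():
        m = STAMP.search(line)
        if not m or line.startswith(("reboot", "shutdown", "wtmp")):
            continue
        when = datetime.strptime(" ".join(m.groups()), "%b %d %H:%M:%S %Y")
        user = line.split()[0]
        seen[user] = max(when, seen.get(user, when))
    return seen

def stale_accounts(passwd_text, last_text, now, max_idle_days=90):
    """Report accounts idle longer than max_idle_days or absent from wtmp."""
    seen, cutoff = last_logins(last_text), now - timedelta(days=max_idle_days)
    report = {}
    for user in interactive_users(passwd_text):
        if user not in seen:  # wtmp rotates: absence means "not since wtmp began"
            report[user] = "no login recorded in wtmp"
        elif seen[user] < cutoff:
            report[user] = "last login " + seen[user].date().isoformat()
    return report
```

Treat the report as a list of candidates to review, not to delete automatically: confirm against other log files before locking or removing an account.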