Linux Security HOWTO
: Local Security
: Creating New Accounts
Previous: Local Security
Next: Root Security
4.1. Creating New Accounts
You should make sure you provide user accounts with only the minimal
requirements for the task they need to do. If you provide your son
(age 10) with an account, you might want him to only have access to a
word processor or drawing program, but be unable to delete data that
is not his.
Several good rules of thumb when allowing other people legitimate
access to your Linux machine:
- Give them the minimal amount of privileges they need.
- Be aware when/where they login from, or should be logging in from.
- Make sure you remove inactive accounts
- The use of the same userid on all computers and networks is advisable
to ease account maintence, and permits easier analysis of log
data.
- The creation of group userid's should be absolutely prohibited. User
accounts also provide accountability, and this is not possible with
group accounts.
Many local user accounts that are used in security compromises have
not been used in months or years. Since no one is using
them they, provide the ideal attack vehicle.
Linux Security HOWTO
: Local Security
: Creating New Accounts
Previous: Local Security
Next: Root Security