Practical UNIX & Internet Security

Practical UNIX & Internet SecuritySearch this book
Previous: 4.3 su: Changing Who You Claim to BeChapter 4
Users, Groups, and the Superuser
Next: 5. The UNIX Filesystem

4.4 Summary

Every account on your UNIX system should have a unique UID. This UID is used by the system to determine access rights to various files and services. Users should have unique UIDs so their actions can be audited and controlled.

Each account also belongs to one or more groups, represented by GIDs. You can use group memberships to designate access to resources shared by more than one user.

Your computer has a special account called root, which has complete control over the system. Be sure to limit who has access to the root account, and routinely check for bad su attempts. If possible, you should have all of the machines on your network log bad su attempts to a specially appointed secure machine. Each computer on your network should have a different superuser password.

Previous: 4.3 su: Changing Who You Claim to BePractical UNIX & Internet SecurityNext: 5. The UNIX Filesystem
4.3 su: Changing Who You Claim to BeBook Index5. The UNIX Filesystem