5.5 Summary

Every account on your Unix system should have a unique UID. This UID
is used by the system to determine access rights to various files and
services. Users should have unique UIDs so their actions can be
audited and controlled.

Each account also belongs to one or more groups, represented by GIDs.
You can use group memberships to designate access to resources shared
by more than one user.

Your computer has a special account called root,
which has complete control over the system. Be sure to limit who has
access to the root account, and routinely check
for bad su attempts. If possible, you should
have all of the machines on your network log bad
su attempts to a specially appointed secure
machine. Each computer on your network should have a different
superuser password.
Some versions of Unix have additional security measures to help
contain damage if the root account is
compromised, or if privileged processes are subverted. You should
learn about the mechanisms present in your version of Unix.
Thereafter, you should use them when possible, or at the least, not
turn them off by accident!