5.5 Summary

Every account on your Unix system should have a unique UID. This UID is used by the system to determine access rights to various files and services. Users should have unique UIDs so their actions can be audited and controlled.

Each account also belongs to one or more groups, represented by GIDs. You can use group memberships to designate access to resources shared by more than one user.

Your computer has a special account called root, which has complete control over the system. Be sure to limit who has access to the root account, and routinely check for bad su attempts. If possible, you should have all of the machines on your network log bad su attempts to a specially appointed secure machine. Each computer on your network should have a different superuser password.

Some versions of Unix have additional security measures to help contain damage if the root account is compromised, or if privileged processes are subverted. You should learn about the mechanisms present in your version of Unix. Thereafter, you should use them when possible, or at the least, not turn them off by accident!