Chapter5.User Environment Management and Security

Chapter 5. User Environment Management and Security

All process-based activity on a server is governed by the rights and privileges assigned to the user account under which it is running. The preceding chapter discussed how SLES reserves specific ranges of user IDs (UIDs) and group IDs (GIDs) for system accounts, special accounts, and standard user accounts.

In many operating systems, elevated system access is granted through the assignment of rights by the system administrator. If a specific privilege is not granted deliberately, the user account does not experience an elevation in access rights. In Linux, however, an account can obtain intrinsic rights simply by being placed in a specific UID/GID range. Arguably, mistakes can be made in any operating system environment. Attention to detail and proper auditing of account management would catch such mistakes. In the Linux world, a number in the UID or GID field should be verified for two properties: uniqueness and intrinsic rights.

In this chapter, we investigate user access one level beyond the simple granting of an account. Many of the topics covered here allow you, as the system administrator, to restrict users to allowed patterns of usage. Some users may see this as an obstacle to productivity. In most cases, a corporate IT policy dictates many of the guidelines for each restriction. Implementing these options in a proactive way will enhance your capacity for providing a robust and secure environment.