This one can log in,
this other can get email;
never give out root.
While computer attacks over the Internet are the sort of network intrusions that are publicized widely, the greatest security threats often come from a system's own users. More companies lose vital data thanks to disaffected or incompetent employees than outside intruders — and incompetence is by far the most common of the two. Giving all users unrestricted access to the system is not only a bad idea for security reasons, but it will quickly result in an unstable environment as each user makes conflicting changes and diverts resources toward their own ends.
One of the most common tasks for a systems administrator is adding, removing, and modifying user accounts. Despite what you might have learned from the Bastard Operator From Hell, the system exists for the users. Proper creation and management of user accounts is absolutely necessary. In this chapter we will discuss creating, adding, and editing user accounts, how to give groups of users access to different parts of the system, proper use of the root password, and how to entirely avoid using the root password.