Enterprise Networking Planet: Keep a Lid on Linux Logins

"When asked about security on a multi-user Linux system, a wise man once said 'everyone is root if you allow them to login as a user.' There is plenty of truth in that, but embracing imminent compromise isn't always acceptable. Let's take a look at how you can limit your exposure while letting unknown and untrusted users login with a shell.

"There are two groups of people who typically want to heavily restrict login users. First, the collaborators: possibly two separate organizations that have been forced to work together. Second, people who wish to allow some shady characters access to a shell but believe they may attempt to compromise security. If at all possible, the best policy is to simply not give access out, and if you do, make sure patches are applied daily..."

Complete Story

Related Stories:

• Linux.com: CLI Magic: Using Script to Log Your Sessions(May 02, 2006)
• Linux.com: Advanced Linux LDAP Authentication(Oct 28, 2005)
• Linux.com: Limiting Linux Logins(Aug 18, 2005)
• Linux.com: SysAdmin to SysAdmin: Parallel I/O for Clusters Using PVFS(Dec 16, 2004)