Linux Today: Linux News On Internet Time.
Unix: Tracking down ghost accounts

Feb 04, 2014, 09:00
(Other stories by Sandra Henry-Stocker)

One of the long-recognized vulnerabilities on Unix systems is the problem of accounts that should have been shut down years ago but, due to some oversight, were left open well after the account "owner" left the company or moved on to other job responsibilities. For Unix systems that are set up with account expiration, the security risk that these accounts pose is limited. Within the 3-6 months following the change in the account owner's status, the accounts should be locked automatically by the system.

Of course, 3-6 months is a long time for an account to be open when it shouldn't be, especially if the former user was laid off, left to work for a competitor, or might have shared his/her password or used the same password on numerous accounts. Systems administrators are not always in the loop when staff leave the company for various reasons. So, accounts that should be locked or removed immediately may be left open for months or years after the user has disappeared. I have run into some of these myself over the years. Some should-have-been-locked accounts were still available on servers 8-10 years after their users' departures. Sometimes, this was because no one periodically checked on the existing accounts. Other times, the admins didn't remove accounts that they didn't recognize, fearing that they'd be causing problems for someone if they did.
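One way to run the periodic check described above, as an added example that is not taken from the article: the function reads passwd- and shadow-format files and lists accounts that can still log in and either have no expiration date or have a password older than a threshold. The function name, the UID cutoff of 1000, the 180-day threshold and the sample records are assumptions made for this example.

```shell
#!/bin/sh
# Added example. List accounts that can still log in and are either missing an
# expiration date or have a password older than MAX_AGE_DAYS.
# Usage: ghost_candidates PASSWD_FILE SHADOW_FILE TODAY_DAYS MAX_AGE_DAYS
ghost_candidates() {
    awk -F: -v today="$3" -v max_age="$4" '
        # passwd file: keep users with UID >= 1000 (assumed cutoff) and a login shell.
        FNR == NR {
            if ($3 >= 1000 && $7 !~ /(nologin|false)$/) human[$1] = 1
            next
        }
        # shadow file: name:hash:lastchg:min:max:warn:inactive:expire:reserved
        ($1 in human) {
            if ($2 ~ /^[!*]/) next                 # password already locked
            if ($8 != "" && $8 <= today) next      # expiration date has passed
            reason = ""
            if ($8 == "") reason = "no-expiry"
            if ($3 != "" && today - $3 > max_age) {
                reason = (reason ? reason "," : "") "stale-password"
            }
            if (reason != "") print $1 ":" reason
        }
    ' "$1" "$2"
}

# Constructed sample data (not from a real system); day numbers count from 1970-01-01.
make_sample() {
    cat > "$1/passwd" <<'EOF'
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
carol:x:1003:1003:Carol:/home/carol:/bin/bash
dave:x:1004:1004:Dave:/home/dave:/bin/bash
svc:x:1005:1005:Service:/srv:/usr/sbin/nologin
EOF
    cat > "$1/shadow" <<'EOF'
alice:$6$constructed:16090:0:99999:7:::
bob:$6$constructed:13000:0:99999:7::16400:
carol:!$6$constructed:13000:0:99999:7:::
dave:$6$constructed:12500:0:99999:7::15000:
svc:$6$constructed:12000:0:99999:7:::
EOF
}

sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
make_sample "$sample_dir"
ghost_candidates "$sample_dir/passwd" "$sample_dir/shadow" 16105 180
```

On a live host, run it as root against `/etc/passwd` and `/etc/shadow`, passing `$(( $(date +%s) / 86400 ))` as the day number.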
