"When asked about security on a multi-user Linux system, a wise
man once said 'everyone is root if you allow them to login as a
user.' There is plenty of truth in that, but embracing imminent
compromise isn't always acceptable. Let's take a look at how you
can limit your exposure while letting unknown and untrusted users
login with a shell.
"There are two groups of people who typically want to heavily
restrict login users. First, the collaborators: possibly two
separate organizations that have been forced to work together.
Second, people who wish to allow some shady characters access to a
shell but believe they may attempt to compromise security. If at
all possible, the best policy is to simply not give access out, and
if you do, make sure patches are applied daily..."