| Red Hat Linux 7.1: The Official Red Hat Linux Reference Guide |
|---|
System security relies heavily on users or groups not being able to do more
than they should, according to a common security policy. Most of the
day-to-day changes concerned with controlling access and privileges
revolve around properly using users and groups. (See Chapter 2 for more
information on properly creating and configuring users and groups.)

However, many organizations using Red Hat Linux have particular guidelines or work
environments that require tighter security or special configurations
for enhanced or restricted access to applications or system devices. This
section discusses a few ways you can tweak your system to provide an
appropriate level of access and privileges for your users based on your
situation.

If you are in a multiuser environment and not using PAM or Kerberos,
you should consider using Shadow Utilities (also
known as shadow passwords) for the enhanced
protection offered for your system's authentication files. During the
installation of Red Hat Linux, shadow password protection for your system is
enabled by default, as are MD5 passwords (an
alternative and arguably more secure method of encrypting passwords for
storage on your system).

Shadow passwords offer a few distinct advantages over the previous
standard of storing passwords on UNIX and Linux systems, including:

- Improved system security by moving the encrypted passwords (normally found in /etc/passwd) to /etc/shadow, which is readable only by root
- Information concerning password aging (how long it has been since a password was last changed)
- Control over how long a password can remain unchanged before the user is required to change it
- The ability to use the /etc/login.defs file to enforce a security policy, especially concerning password aging
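
The advantages listed above can be checked mechanically. The following shell functions are an added example, not part of the Red Hat guide: they flag accounts whose hash is still stored in a passwd-format file, and shadow entries that have no maximum age or are overdue for a change. The function names, finding labels and sample accounts are constructed for illustration; field positions follow passwd(5) and shadow(5), and a maximum age of 99999 is treated here as "no aging enforced".

```shell
#!/bin/sh
# Constructed sample data in passwd(5) and shadow(5) layout; no real accounts.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:500:500::/home/alice:/bin/bash
legacy:$1$CONSTRUCTED$notARealHashValue00000:501:501::/home/legacy:/bin/bash
guest::502:502::/home/guest:/bin/bash
daemon:*:2:2:daemon:/sbin:/sbin/nologin
EOF
}

sample_shadow() {
cat <<'EOF'
root:$1$CONSTRUCTED$notARealHashValue00001:11400:0:90:7:::
alice:$1$CONSTRUCTED$notARealHashValue00002:11300:0:99999:7:::
bob:$1$CONSTRUCTED$notARealHashValue00003:11200:0:60:7:::
daemon:*:11000:0:99999:7:::
EOF
}

# Read passwd-format lines on stdin and report entries whose second field
# is not a placeholder: "x" means shadowed, a leading "*" or "!" means locked.
unshadowed() {
  awk -F: '
    $2 == ""                   { print $1 ":empty-password"; next }
    $2 != "x" && $2 !~ /^[*!]/ { print $1 ":hash-in-passwd" }
  '
}

# Read shadow-format lines on stdin; $1 is today in days since 1970-01-01,
# the unit of field 3 (last change). Field 5 is the maximum password age.
aging_findings() {
  awk -F: -v today="$1" '
    $2 == "" || $2 ~ /^[*!]/    { next }  # no usable hash: not assessed here
    $5 == "" || $5 + 0 >= 99999 { print $1 ":no-max-age"; next }
    $3 != "" && today - $3 > $5 { print $1 ":overdue-" (today - $3 - $5) "d" }
  '
}

# Demo on the constructed data. On a real host, run as root:
#   unshadowed < /etc/passwd
#   aging_findings "$(( $(date +%s) / 86400 ))" < /etc/shadow
sample_passwd | unshadowed
sample_shadow | aging_findings 11450
```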

The shadow-utils package contains a number of utilities that support:

- Conversion from normal to shadow passwords and back (pwconv, pwunconv)
- Verification of the password, group, and associated shadow files (pwck, grpck)
- Industry-standard methods of adding, deleting and modifying user accounts (useradd, usermod, and userdel)
- Industry-standard methods of adding, deleting, and modifying user groups (groupadd, groupmod, and groupdel)
- Industry-standard method of administering the /etc/group file using gpasswd

Note: There are some additional points of interest concerning these utilities:

- The utilities will work properly whether shadowing is enabled or not.
- The utilities have been slightly modified to support Red Hat's user private group scheme. For a description of the modifications, see the useradd man page. For more information on user private groups, turn to the section called User Private Groups in Chapter 2.
- The adduser script has been replaced with a symbolic link to /usr/sbin/useradd.
- The tools in the shadow-utils package are not Kerberos or LDAP enabled. New users will be local only. For more information on Kerberos and LDAP, see Chapter 9 and Chapter 4.