User Management

Vincent Danen

March 25, 2008

The management of users on a system can be... interesting, depending on a number of different factors. For some systems, like a home system with one or two users, it's pretty straightforward. When you start moving into larger networks, or servers with hundreds of users, user management can be a little difficult.

This can be mitigated, of course, by using some sensible tools and methods of managing users. For instance, you can use tools like NIS+ or LDAP for user authentication across multiple machines. But there is more to user management than just the base authentication system (be it local, NIS, NIS+, LDAP, etc.). Other items to consider include password management and enforcement (i.e., enforcing a base type of password so that no user can make a password too weak), user access on systems, group management, chroot environments, and more.

Managing users can be a fine art, depending on your needs and complexity. While hardening the system to protect from unauthorized users is extremely important, equally important is hardening the system to protect from authorized users. Users with shell, FTP, etc. access can be just as malicious or motivated as those who are trying to get access to begin with. The only difference is authorized users have a legitimate reason for being on the system. That doesn't mean, however, that they have a legitimate reason for tampering with it, or viewing documents, files, or directories that they have no business looking at.

Here we will discuss a variety of topics related to user management, from distributed user authentication to the use and customization of PAM (Pluggable Authentication Modules), password enforcement, and so forth.