When asked about security on a multi-user Linux system, a wise man once said "everyone is root if you allow them to login as a user." There is plenty of truth in that, but embracing imminent compromise isn't always acceptable. Let's take a look at how you can limit your exposure while letting unknown and untrusted users login with a shell.

There are two groups of people who typically want to heavily restrict login users. First, the collaborators: possibly two separate organizations that have been forced to work together. Second, people who wish to allow some shady characters access to a shell but believe they may attempt to compromise security. If at all possible, the best policy is to simply not give access out, and if you do, make sure patches are applied daily.

The link for this article located at Enterprise Networking is no longer available.