Setup guide

UNCLASSIFIED
Chapter 5 - Configuring User Accounts

Once the first administrator account and the root account are securely configured,
additional user accounts may be created. This chapter describes the process of
creating and configuring new user accounts.

Note that some of the instructions in this chapter are repeated from previous
chapters. This is because the system should be completely secured before creating
and securing individual user accounts. Some of the steps performed in securing the
system must be repeated for each new user on the system. The steps are repeated in
this chapter so the administrator will not have to skip through the guide to find the
appropriate steps to perform.

Guidelines for Creating Accounts

Accounts should never be shared. Each user should have his own individual
account, and each system administrator should have his own administrative
account. Each administrator should also have a regular user account for normal
activities, and should use his administrative account only for administrative
activities. Reasons for these guidelines include:

• Individual accounts are necessary to maintain accountability. System logs can
  track activities of each user account, but if an account is shared among several
  users it may be impossible to determine which user performed a certain
  activity.
• If all administrators share a single administrative account, it may be
  impossible to determine which administrator performed a specific system
  change.
• If a shared account is compromised, it will likely take longer to notice that
  compromise, if it is ever noticed. Each user sharing an account may mistake
  malicious actions for those of another legitimate user of the account.
• Requiring administrators to have a personal account for individual use and an
  administrative account for administrative purposes reduces the risk of the
  administrator inadvertently making system configuration changes while
  performing normal non-administrative tasks.