
Access Control Restrictions: Best Practices on a Linux Server

Working as a freelance Linux consultant, I see a lot of my clients struggle with the problem of access control on a Linux server. Access control restrictions are the basic process of assigning limited user accounts to consultants or employees on your Linux server. It may seem like access control is not a big problem for most people (a common argument that I hear is that my clients trust their consultants or employees), but access control restrictions exist for purposes other than keeping people honest.

Access control restrictions on a Linux server are necessary to prevent intentional or accidental damage to your server (every system administrator can tell a story of how one command ran unexpectedly). In addition, access control restrictions help to protect sensitive information (passwords of others, credit card information, etc.) from being accidentally or maliciously used. Backups are an example of how someone can accidentally misuse sensitive information. If a coder working on your server sets out to back up your WordPress database, he or she might decide to make a backup of the entire database server instead. The coder might then transfer that backup to an insecure off-site location (which is compromised if the data is copied over an insecure file transfer method), or copy the database backup to a location that all users and applications can access (such as /tmp). Either way, an outside attacker could end up with all of your databases (which might contain information such as credit card numbers).

Another example of why access control restrictions are necessary is a software malfunction destroying data. If a software application runs at a higher privilege level than necessary (be it at the file system or database level), this increases the odds of a software malfunction causing problems with your server. Let's face it: no one wants a malfunctioning PHP script to drop or corrupt all of the databases on your server. Although all information should be backed up regularly anyway, running with excess privileges is an unnecessary risk.

Once you have determined a need for controlling access to a Linux server, there are many different ways to accomplish this:

* Use sudo for privilege escalation, and assign every coder or consultant their own user accounts. Disable root login via SSH, and add all consultants or coders to the same user group. Finally, change the permissions on the web document root directory to allow all members of the group write access.

* Log all connections via SSH and FTP, to ensure that outside consultants or employees are not logging onto the server when they are not supposed to be working on a project.

* For a database server, create new user accounts for each separate database. This will reduce the damage that an application or malicious user can do to your database server, if a single database application is compromised.

* For temporary accounts or consultant accounts (that are not needed unless assistance is requested), be sure to disable the accounts once access is no longer required.

* For all user accounts, require a password that is not found in any dictionary, and enforce a password length of at least eight characters.
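A read-only audit of three items from the list above, as an added example that is not part of the original article: it checks that root SSH login is disabled, that a temporary account is really disabled, and that no database dump is readable by every local user. The function names, account names and sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: read-only checks, nothing on the system is modified.

# Succeeds only if the global section of an sshd_config says "PermitRootLogin no".
# sshd keeps the first value it reads for a keyword; Match blocks are not evaluated.
root_login_disabled() {
  awk '
    tolower($1) == "match"           { exit }
    tolower($1) == "permitrootlogin" { v = tolower($2); exit }
    END { exit (v == "no" ? 0 : 1) }
  ' "$1"
}

# Succeeds if the user's password is locked AND the account has expired.
# A locked password alone (usermod -L) still allows SSH key logins.
account_disabled() {
  awk -F: -v u="$2" -v today="$(( $(date +%s) / 86400 ))" '
    $1 == u { ok = ($2 ~ /^[!*]/ && $8 != "" && $8 + 0 <= today) }
    END { exit (ok ? 0 : 1) }
  ' "$1"
}

# Lists database dumps under a directory that any local user can read.
world_readable_dumps() {
  find "$1" -type f \( -name '*.sql' -o -name '*.sql.gz' \) -perm -004
}

# --- constructed sample data (not taken from a real server) ---
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' > "$demo/sshd_config"
# shadow format: name:password:lastchg:min:max:warn:inactive:expire:reserved
printf '%s\n' 'alice:$6$constructed:19000:0:99999:7:::' \
              'temp1:!$6$constructed:19000:0:99999:7::1:' > "$demo/shadow"
: > "$demo/wordpress.sql";     chmod 600 "$demo/wordpress.sql"
: > "$demo/all_databases.sql"; chmod 644 "$demo/all_databases.sql"

root_login_disabled "$demo/sshd_config" && echo "root SSH login: disabled"
account_disabled "$demo/shadow" temp1   && echo "temp1: disabled"
account_disabled "$demo/shadow" alice   || echo "alice: still active"
echo "world-readable dumps:"
world_readable_dumps "$demo"
```

On a real server the same functions can be pointed at /etc/ssh/sshd_config, /etc/shadow (readable only by root) and /tmp.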

Once you have determined the need for access control restrictions, and have implemented them on your server, you can rest well at night knowing that your server will be safe and sound. Without access control restrictions actively enforced, your Linux server may not be so safe and sound.

Christopher Pace

Christopher J. Pace is a freelance Linux consultant who has worked with Linux since 2001. He provides remote Linux support for Linux servers, supporting a variety of Linux software solutions.

User published content is licensed under a Creative Commons License.
Copyright © 2005-2008 Free Articles by ArticlesBase.com, All rights reserved.