Christopher J. Pace is a freelance Linux consultant who has worked with Linux since 2001. He provides remote Linux support for Linux servers, supporting a variety of Linux software solutions.
Working as a freelance Linux consultant, I see a lot of my clients struggle with the problem of access control on a Linux server. Access control restrictions are the basic process of assigning limited user accounts to consultants or employees on your Linux server. It may seem like access control is not a big problem for most people (a common argument that I hear is that my clients trust their consultants or employees), but access control restrictions exist for purposes other than keeping people honest.
Access control restrictions on a Linux server are necessary to prevent intentional or accidental damage to your server (every system administrator can tell a story of how one command ran unexpectedly). In addition, access control restrictions help to protect sensitive information (passwords of others, credit card information, etc.) from being accidentally or maliciously used. Backups are an example of how someone can accidentally misuse sensitive information. If a coder is working on your server and needs a backup of your WordPress database, he or she might decide to make a backup of the entire database server. In doing so, the coder might transfer that backup to an insecure off-site location (where it is then compromised if the data is copied over an insecure file transfer method), or the coder might copy the database backup to a location that all users and applications can access (such as /tmp). This would result in the potential for an outside attacker to now have all of your databases (which might contain information such as credit card numbers).
Another valid example of why access control restrictions are necessary is a software malfunction destroying data. If a software application runs at a higher privilege level than necessary (be it at the file system or database level), this increases the odds of a software malfunction causing problems with your server. Let's face it: no one wants a malfunctioning PHP script to drop or corrupt all of the databases on your server. Although all information should be backed up regularly anyway, it is an unnecessary risk.
Once you have determined a need for controlling access to a Linux server, there are many different ways to accomplish this:
* Use sudo for privilege escalation, and assign every coder or consultant their own user accounts. Disable root login via SSH, and add all consultants or coders to the same user group. Finally, change the permissions on the web document root directory to allow all members of the group write access.
* Log all connections via SSH and FTP, to ensure that outside consultants or employees are not logging onto the server when they are not supposed to be working on a project.
* For a database server, create new user accounts for each separate database. This will reduce the damage that an application or malicious user can do to your database server, if a single database application is compromised.
* For temporary accounts or consultant accounts (that are not needed unless assistance is requested), be sure to disable the accounts once access is no longer required.
* For all user accounts, require a password that is not found in any dictionary, and enforce a password length of at least eight characters.
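Three of the items above (root login over SSH, group write access on the document root, and disabled temporary accounts) can be verified with read-only checks. The script below is an added example, not part of the original article; the function names and sample files are constructed for illustration, and it assumes a POSIX shell with `find`, `awk` and `date +%s`.

```shell
#!/bin/sh
# Added example: read-only checks for three of the recommendations above.
# Paths are arguments so the checks can run against copies of the real files.

# Print the PermitRootLogin value sshd would take from this file ("unset" if
# absent). sshd uses the first occurrence of a keyword; Include and Match
# blocks are not followed here, so confirm on the host with `sshd -T`.
root_login_setting() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Succeed only if the document root belongs to the shared group, is
# group-writable, and (an extra check) is not world-writable.
docroot_ok() {
    [ -n "$(find "$1" -prune -type d -group "$2" -perm -020 ! -perm -002 2>/dev/null)" ]
}

# Print each named account that is not expired in a shadow-format file.
# Field 8 is the expiry date in days since 1970-01-01. A "!" password lock
# (field 2) alone does not stop SSH key logins, so it does not count as disabled.
enabled_accounts() {
    shadow=$1; shift
    today=$(( $(date +%s) / 86400 ))
    for user in "$@"; do
        awk -F: -v u="$user" -v t="$today" \
            '$1 == u && ($8 == "" || $8 + 0 > t) { print $1 }' "$shadow"
    done
}

# Demo on constructed sample files (not real system data).
tmp=$(mktemp -d)
printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' > "$tmp/sshd_config"
printf '%s\n' 'alice:HASH:19000:0:99999:7:::' \
              'bob:!HASH:19000:0:99999:7:::' \
              'carol:!HASH:19000:0:99999:7::1:' > "$tmp/shadow"
mkdir "$tmp/htdocs" && chmod 775 "$tmp/htdocs"
echo "PermitRootLogin: $(root_login_setting "$tmp/sshd_config")"
echo "still enabled: $(enabled_accounts "$tmp/shadow" alice bob carol | tr '\n' ' ')"
if docroot_ok "$tmp/htdocs" "$(id -g)"; then echo "docroot ok"; else echo "docroot needs fixing"; fi
rm -rf "$tmp"
```

In the sample data, `bob` is still reported as enabled because only his password is locked; `carol` has an expiry date in the past and is not reported.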
Once you have determined the need for access control restrictions, and have implemented them on your server, you can rest well at night knowing that your server will be safe and sound. Without access control restrictions actively enforced, your Linux server may not be so safe and sound.