These classnotes are deprecated. As of 2005, I no longer teach the classes. Notes will remain online for legacy purposes.

UNIX03/Stale And Unnecessary Accounts


As discussed before, each account is a possible entry point into the system. Imagine, for a moment, that you realize your system has been compromised and you must send a message to everyone to change their passwords immediately. A stale account's password will not be changed and will still be vulnerable.

Be sure to remove unused and stale accounts as soon as they are no longer needed. If the account has data that needs to be reassigned, disable the account by placing a "*" or "!!" in the second field for it in /etc/passwd. You may additionally want to disable the shell by changing it from /bin/sh to something nonexistent like /bin/false. After this, get things moved as soon as possible.

You also want to be certain that they do not own anything else on the system; reassign everything to some other user. Why do we need to be so paranoid? As we learned last class, Unix accounts are identified by the operating system as numbers (UIDs). When a user account is deleted, its UID becomes available for another account. If you are not careful when adding more users, a new account may be assigned that UID. If the previous user still owns data on the system, that data is now owned by the new user. The previous user's data may be of a personal nature (mail spools, personal correspondence, cookies with credit card numbers, etc.) or of a confidential nature (payroll, business accounting, etc.). In other situations, new system accounts may even be created (automatically, by some install scripts) which may or may not expose the data to the outside world (imagine an ex-employee's mail spool becoming publicly accessible from the World Wide Web because Apache now owns it).

Issuing commands like the following:

 chmod 0 /home/someone
 find / -user someone -ls

is a good start.
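The steps above (lock the password field, replace the shell, find the old UID's files and reassign them) as an added shell example; it is not part of these notes. It takes the passwd file as a parameter so it can be run against a copy; the user name, target directory and new owner are supplied by the caller, and applying it to the live /etc/passwd or running chown needs root.

```shell
#!/bin/sh
# Added example for the stale-account procedure. Every function takes the
# passwd file or directory as an argument so it can be tried on a copy first.

# disable_account PASSWD_FILE USER
# Put "!!" in the password field and /bin/false in the shell field.
disable_account() {
    pwfile=$1; user=$2
    awk -F: -v u="$user" 'BEGIN { OFS = ":" }
        $1 == u { $2 = "!!"; $7 = "/bin/false" }
        { print }' "$pwfile" > "$pwfile.tmp" && mv "$pwfile.tmp" "$pwfile"
}

# uid_of PASSWD_FILE USER -> prints the numeric UID of USER
uid_of() {
    awk -F: -v u="$2" '$1 == u { print $3 }' "$1"
}

# files_owned_by UID DIR -> lists files under DIR owned by the numeric UID.
# -uid (not -user) still works after the passwd entry has been removed.
files_owned_by() {
    find "$2" -uid "$1" -print 2>/dev/null
}

# orphaned_files DIR -> files whose owner UID is no longer in /etc/passwd.
# These are exactly the files a reused UID would silently inherit.
orphaned_files() {
    find "$1" -nouser -print 2>/dev/null
}

# reassign UID NEWUSER DIR -> give everything owned by UID to NEWUSER (needs root)
reassign() {
    find "$3" -uid "$1" -exec chown "$2" {} +
}
```

Record the UID with uid_of before deleting the account, since afterwards the name no longer resolves and only the number identifies the leftover files.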



Last edited May 31, 2003 2:26 am (diff)
(C) Copyright 2003 Samuel Hart
This work is licensed under a Creative Commons License.