[ale] Security best practice - Remove or disable user accounts?

Michael B. Trausch mike at trausch.us
Thu Aug 7 15:07:37 EDT 2008


On Thu, 2008-08-07 at 12:50 -0400, Greg Freemyer wrote:
> As to the actual user accounts, by disabling them you ensure the user
> id is not re-used.  Thus if you have logs etc. that track employee
> activity by user id you can be assured that uid NNN is the same person
> over time.  If you delete the account and the uid gets re-issued, you
> lose that one-to-one relationship.

Yes, but this becomes impractical on systems where you only have, say,
32K or 64K unique UIDs that can be used for the lifetime of the system.
You're not likely to actually *have* to purge accounts if you have some
larger number of available user IDs---say, 2^32 worth of them, as some
modern systems can provide.

	--- Mike

-- 
My sigfile ran away and is on hiatus.
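
The uid-reuse problem Greg describes and the uid-space limit Mike raises, as an added example that is not part of either post: a Python sketch that compares two passwd(5) snapshots, flags uids now assigned to a different login, and counts the uids still unassigned. The snapshot contents, the 1000..65533 allocation range and all function names are assumptions made for illustration.

```python
"""Added example: detect uid reuse between two passwd(5) snapshots."""

# Constructed sample data, not taken from any real system.
OLD_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
carol:x:1003:1003:Carol:/home/carol:/bin/bash
"""
NEW_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/usr/sbin/nologin
dave:x:1002:1002:Dave:/home/dave:/bin/bash
erin:x:1004:1004:Erin:/home/erin:/bin/bash
"""

def parse_passwd(text):
    """Return {uid: login}, skipping blanks, comments and malformed lines."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) != 7 or not fields[2].isdigit():
            continue
        users.setdefault(int(fields[2]), fields[0])  # keep the first entry per uid
    return users

def reused_uids(old, new):
    """uids whose login changed: old log entries now point at the wrong person."""
    return {uid: (old[uid], new[uid])
            for uid in old.keys() & new.keys() if old[uid] != new[uid]}

def retired_uids(old, new):
    """uids deleted and not yet reissued; these are candidates for future reuse."""
    return sorted(old.keys() - new.keys())

def free_uids(users, lo=1000, hi=65533):
    """Unassigned uids left in the (assumed) allocation range lo..hi."""
    return (hi - lo + 1) - sum(1 for uid in users if lo <= uid <= hi)

if __name__ == "__main__":
    old, new = parse_passwd(OLD_PASSWD), parse_passwd(NEW_PASSWD)
    for uid, (was, now) in sorted(reused_uids(old, new).items()):
        print(f"uid {uid}: was {was}, now {now}")
    print("retired:", retired_uids(old, new))
    print("free uids:", free_uids(new))
```

In the constructed data, alice is disabled (shell set to nologin) and keeps uid 1001, so nothing is flagged for her; bob was deleted and uid 1002 was reissued to dave, which is the case that breaks the uid-to-person mapping in older logs.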