[ale] Security best practice - Remove or disable user accounts?

Jim Kinney jim.kinney at gmail.com
Thu Aug 7 15:55:20 EDT 2008


"Hang on to yer heatsinks! It's time fer an upgrade!"

2008/8/7 Michael B. Trausch <mike at trausch.us>

> On Thu, 2008-08-07 at 12:50 -0400, Greg Freemyer wrote:
> > As to the actual user accounts, by disabling them you ensure the user
> > id is not re-used.  Thus if you have logs etc. that track employee
> > activity by user id you can be assured that uid NNN is the same person
> > over time.  If you delete the account and the uid gets re-issued, you
> > lose that one-to-one relationship.
>
> Yes, but this becomes impractical on systems where you only have, say,
> 32K or 64K unique UIDs that can be used for the lifetime of the system.
> You're not likely to actually *have* to purge accounts if you have some
> larger number of available user IDs---say, 2^32 worth of them, as some
> modern systems can provide.
>
>        --- Mike
>
> --
> My sigfile ran away and is on hiatus.
>


-- 
James P. Kinney III
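
The uid re-use concern quoted in this thread, as an added example that is not part of the original messages: it shows an old log line being attributed to the wrong person once a deleted account's uid is re-issued, and to the right one when the account is only disabled. The account records, day numbers, and log event are constructed sample data, and all function names are hypothetical.

```python
from collections import defaultdict

# Constructed account lifecycle: (uid, login, created_day, removed_day).
# removed_day=None means the passwd entry still exists (possibly locked).
DELETE_POLICY = [
    (1001, "alice", 0, 100),   # deleted on day 100, uid returned to the pool
    (1001, "bob", 150, None),  # uid 1001 re-issued to a new hire
]
DISABLE_POLICY = [
    (1001, "alice", 0, None),  # locked on day 100, entry keeps uid 1001
    (1002, "bob", 150, None),  # new hire gets a fresh uid
]
# Constructed audit event (day, uid, action), logged while alice held the uid.
EVENTS = [(50, 1001, "read payroll.db")]


def reused_uids(accounts):
    """Return {uid: [logins]} for every uid held by more than one login."""
    owners = defaultdict(list)
    for uid, login, _created, _removed in accounts:
        if login not in owners[uid]:
            owners[uid].append(login)
    return {uid: names for uid, names in owners.items() if len(names) > 1}


def attribute_by_current_passwd(events, accounts):
    """What a log reviewer gets when resolving uids against the live passwd file."""
    current = {uid: login for uid, login, _c, removed in accounts if removed is None}
    return [(day, uid, current.get(uid), action) for day, uid, action in events]


def attribute_with_history(events, accounts):
    """Resolve each event by uid plus event time; needs the full lifecycle record."""
    out = []
    for day, uid, action in events:
        who = [login for u, login, created, removed in accounts
               if u == uid and created <= day and (removed is None or day < removed)]
        out.append((day, uid, who[0] if len(who) == 1 else None, action))
    return out


if __name__ == "__main__":
    for name, policy in (("delete", DELETE_POLICY), ("disable", DISABLE_POLICY)):
        print(name, reused_uids(policy), attribute_by_current_passwd(EVENTS, policy))
```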