Securing Users

Language:

At this point, only the initial user who can assume the root role has access to the system. The following tasks are best performed in order before regular users can log in.

Table 2-2 Securing Users Task Map

Task	Description	For Instructions
Require strong passwords and regular password changes.	Strengthens the default password constraints on each system.	How to Set Stronger Password Constraints
Configure restrictive file permissions for regular users.	Sets a more restrictive value than `022` for file permissions for regular users.	How to Set a More Restrictive umask Value for Regular Users.
Set account locking for regular users.	On systems that are not used for administration, sets account locking system-wide and reduces the number of logins that activate the lock.	How to Set Account Locking for Regular Users
Preselect the `cusa` audit class for all users.	Provides better monitoring and recording of potential threats to the system.	How to Audit Significant Events in Addition to Login/Logout
Create roles.	Distributes discrete administrative tasks to several trusted users so that no one user can damage the system. You can use predefined ARMOR roles, create your own roles, or extend ARMOR with your own roles.	Managing User Accounts by Using the CLI in Managing User Accounts and User Environments in Oracle Solaris 11.2 Assigning Rights to Users in Securing Users and Processes in Oracle Solaris 11.2
Reduce the number of visible GNOME desktop applications.	Prevents users from using desktop applications that can affect security.	See Chapter 11, Disabling Features in the Oracle Solaris Desktop System, in Oracle Solaris 11.2 Desktop Administrator’s Guide .
Limit a user's privileges.	Removes basic privileges that users do not need.	How to Remove Unneeded Basic Privileges From Users