A basic aspect of Linux is its multiuser capability. Consequently, several users can work independently on the same Linux system. Each user has a user account identified by a login name and a personal password for logging in to the system. All users have their own home directories where personal files and configurations are stored.
Create and edit users with
root or NIS users). You can also customize
filter settings by clicking .
To add new users, clickand enter the appropriate data. Complete the addition by clicking . The new user can immediately log in using the newly created login name and password.
If you are the only user of your system, you can configure autologin. Autologin automatically logs a user into the system after it starts. To activate autologin, select the user from the list of users and click. Then choose and click .
Disable user login with the corresponding option. Fine-tune user profiles in. Here, manually set the user ID, home directory, default login shell, and assign the new user to specific groups. Configure the validity of the password in . Click to save all changes.
To delete a user, select the user from the list and click. Then mark whether to delete the home directory and click to confirm.
For advanced user administration, useto define the default settings for the creation of new users. Select the user authentication method (such as NIS, LDAP, Kerberos, or Samba), login settings (only with KDM or GDM), and the algorithm for password encryption. and apply only to local users. provides a configuration overview and the option to configure the client. Advanced client configuration is also possible using this module. After accepting the configuration, return to the initial configuration overview. Click to save all changes without exiting the configuration module.
To create and edit groups, select+ or click in the user administration module. Both dialogs have the same functionality, allowing you to create, edit, or delete groups.
The module gives an overview of all groups. As in the user management dialog, change filter settings by clicking.
To add a group, clickand fill in the appropriate data. Select group members from the list by checking the corresponding box. Click to create the group. To edit a group, select the group to edit from the list and click . Make all necessary changes then save them with . To delete a group, simply select it from the list and click .
To apply a set of security settings to your entire system, use+ . These settings include security for booting, login, passwords, user creation, and file permissions. SUSE Linux offers three preconfigured security sets: , , and . Modify the defaults with . To create your own scheme, use .
The detailed or custom settings include:
To have new passwords checked by the system for security before they are accepted, clickand . Set the minimum password length for newly created users. Define the period for which the password should be valid and how many days in advance an expiration alert should be issued when the user logs in to the text console.
Set how the key combination Ctrl-Alt-Del should be interpreted by selecting the desired action. Normally, this combination, when entered in the text console, causes the system to reboot. Do not modify this setting unless your machine or server is publicly accessible and you are afraid someone could carry out this action without authorization. If you select , this key combination causes the system to shut down. With , this key combination is ignored.
If you use the KDE login manager (KDM), set permissions for shutting down the system in. Give permission to (the system administrator), , , or . If is selected, the system can only be shut down from the text console.
Typically, following a failed login attempt, there is a
waiting period lasting a few seconds before another login is
possible. This makes it more difficult for password sniffers to
log in. Optionally activate
/var/log. To grant other users access to
your graphical login screen over the network, enable
. Because this
access possibility represents a potential security risk, it is
inactive by default.
Every user has a numerical and an alphabetical user ID. The
correlation between these is established using the file
/etc/passwd and should be as unique as
possible. Using the data in this screen, define the range of
numbers assigned to the numerical part of the user ID when a new
user is added. A minimum of 500 is suitable for users.
Automatically generated system users start with 1000. Proceed in
the same way with the group ID settings.
To use predefined file permission settings, select, , or . should be sufficient for most users. The setting is extremely restrictive and can serve as the basic level of operation for custom settings. If you select , remember that some programs might not work correctly or even at all, because users no longer have permission to access certain files.
Also set which user should launch the
updatedb program, if installed. This program,
which automatically runs on a daily basis or after booting,
generates a database (locatedb) in which the location of each
file on your computer is stored. If you select
, any user can find only the paths in
the database that can be seen by any other (unprivileged) user.
root is selected,
all local files are indexed, because the user
root, as superuser, may access all
directories. Make sure that the options and are deactivated.
Only advanced users should consider using these options because
these settings may pose a significant security risk if used
incorrectly. To have some control over the system even if it
crashes, click .
Clickto complete your security configuration.
SuSEfirewall2 can protect your machine against attacks from the Internet. Configure it with+ .
|Automatic Activation of the Firewall|
YaST automatically starts a firewall with suitable settings on every configured network interface. Start this module only if you want to reconfigure the firewall with custom settings or deactivate it.