Next: 4.1.4 Setting the rules Up: 4.1 About RootHats, Previous: 4.1.2 Abusing the system

4.1.3 Dealing with users

UNIX security is rather lax by design. Security on the system was an afterthought---the system was originally developed in an environment where users intruding upon other users was simply unheard of. Because of this, even with security measures in place, normal users can still do harm.

System administrators can take two stances when dealing with abusive users: they can be either paranoid or trusting. The paranoid system administrator usually causes more harm than he or she prevents. One of my favorite sayings is, "Never attribute to malice anything which can be attributed to stupidity." Put another way, most users don't have the ability or knowledge to do real harm on the system. 90% of the time, when a user is causing trouble on the system (by, for instance, filling up the user partition with large files, or running multiple instances of a large program), the user is simply unaware that what he or she is doing is a problem. I have come down on users who were causing a great deal of trouble, but they were simply acting out of ignorance---not malice.

When you deal with users who are causing potential trouble, don't be accusatory. The old rule of "innocent until proven guilty" still holds. It is best to simply talk to the user and ask about the trouble, instead of causing a confrontation. The last thing you want is to be on the user's bad side. This will raise a lot of suspicion about whether you---the system administrator---are running the system correctly. If a user believes that you distrust or dislike them, they might accuse you of deleting files or breaching privacy on the system. This is certainly not the kind of position that you want to be in.

If you do find that a user has been attempting to "crack" the system, or was intentionally doing harm to the system, don't return the malicious behavior with malice of your own. Instead, simply provide a warning---but be flexible. In many cases, you may catch a user "in the act" of doing harm to the system---give them a warning. Tell them not to let it happen again. However, if you do catch them causing harm again, be absolutely sure that it is intentional. I can't even begin to describe the number of cases where it appeared as though a user was causing trouble, when in fact it was either an accident or a fault of my own.


Matt Welsh