A basic aspect of Linux is its multiuser capability. Consequently, several users can work independently on the same Linux system. Each user has a user account identified by a login name and a personal password for logging in to the system. All users have their own home directories where personal files and configurations are stored.
Create and edit users with root
or NIS users). You can also customize
filter settings by clicking .
To add new users, click
and enter the appropriate data. Complete the addition by clicking . The new user can immediately log in using the newly created login name and password.Disable user login with the corresponding option. Fine-tune user profiles in
. Here, manually set the user ID, home directory, default login shell, and assign the new user to specific groups. Configure the validity of the password in . Click to save all changes.To delete a user, select the user from the list and click
. Then mark whether to delete the home directory and click to confirm.For advanced user administration, use
to define the default settings for the creation of new users. Select the user authentication method (such as NIS, LDAP, Kerberos, or Samba), login settings (only with KDM or GDM), and the algorithm for password encryption. and apply only to local users. provides a configuration overview and the option to configure the client. Advanced client configuration is also possible using this module. After accepting the configuration, return to the initial configuration overview. Click to save all changes without exiting the configuration module.To create and edit groups, select
+ or click in the user administration module. Both dialogs have the same functionality, allowing you to create, edit, or delete groups.The module gives an overview of all groups. As in the user management dialog, change filter settings by clicking
.To add a group, click
and fill in the appropriate data. Select group members from the list by checking the corresponding box. Click to create the group. To edit a group, select the group to edit from the list and click . Make all necessary changes then save them with . To delete a group, simply select it from the list and click . for advanced group management. Find more about these options inTo apply a set of security settings to your entire system, use
+ . These settings include security for booting, login, passwords, user creation, and file permissions. SUSE Linux Enterprise offers three preconfigured security sets: , , and . Modify the defaults with . To create your own scheme, use .The detailed or custom settings include:
To have new passwords checked by the system for security before they are accepted, click
and . Set the minimum password length for newly created users. Define the period for which the password should be valid and how many days in advance an expiration alert should be issued when the user logs in to the text console.Set how the key combination Ctrl-Alt-Del should be interpreted by selecting the desired action. Normally, this combination, when entered in the text console, causes the system to reboot. Do not modify this setting unless your machine or server is publicly accessible and you are afraid someone could carry out this action without authorization. If you select , this key combination causes the system to shut down. With , this key combination is ignored.
If you use the KDE login manager (KDM), set permissions for shutting down the system in
. Give permission to (the system administrator), , , or . If is selected, the system can only be shut down from the text console.
Typically, following a failed login attempt, there is a waiting
period lasting a few seconds before another login is possible. This
makes it more difficult for password sniffers to log in. Optionally
activate /var/log
. To grant other users
access to your graphical login screen over the network, enable
.
Because this access possibility represents a potential security risk,
it is inactive by default.
Every user has a numerical and an alphabetical user ID. The
correlation between these is established using the file
/etc/passwd
and should be as unique as possible.
Using the data in this screen, define the range of numbers assigned
to the numerical part of the user ID when a new user is added. A
minimum of 500 is suitable for users. Automatically generated
system users start with 1000. Proceed in the same way with the
group ID settings.
To use predefined file permission settings, select
, , or . should be sufficient for most users. The setting is extremely restrictive and can serve as the basic level of operation for custom settings. If you select , remember that some programs might not work correctly or even at all, because users no longer have permission to access certain files.
Also set which user should launch the
updatedb program, if installed.
This program, which automatically runs on a daily basis or after
booting, generates a database (locatedb) in which the location of
each file on your computer is stored. If you select
, any user can find only the paths in the
database that can be seen by any other (unprivileged) user. If
root
is selected, all local
files are indexed, because the user
root
, as superuser, may
access all directories. Make sure that the options
and
are
deactivated. Only advanced users should consider using these options
because
these settings may pose a significant security risk if used incorrectly.
To have some control over the system even if it crashes, click
.
Click
to complete your security configuration.Certificates are used for communication and can also be found, for example, on company ID cards. To manage them or import a common server certificate, use Chapter 43, Managing X.509 Certification.
+ . Detailed information about certificates, their technologies, and management with YaST are provided inSuSEfirewall2 can protect your machine against attacks from the Internet. Configure it with Chapter 44, Masquerading and Firewalls.
+ . Find detailed information about SuSEfirewall2 in![]() | Automatic Activation of the Firewall |
---|---|
YaST automatically starts a firewall with suitable settings on every configured network interface. Start this module only if you want to reconfigure the firewall with custom settings or deactivate it. |