Administration
Administrators must log in with their personal user account and use the su command to become the root user for the administration of the system.
To effectively prevent guessing the root account's password, allow only authorized administrators to use the su command on the root account. To ensure this, do the following:
- Add an entry to the root stanza of the /etc/security/user file as follows:

      root:
          admin = true
          . . .
          sugroups = SUADMIN

- Define a group in the /etc/group file containing only the user IDs of authorized administrators as follows:

      system:!:0:root,paul
      staff:!:1:invscout,julie
      bin:!:2:root,bin
      . . .
      SUADMIN:!:13:paul

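
The two settings above can be audited together. The following script is an added example, not part of the original documentation: the function names are hypothetical, the sample files are constructed to mirror the entries shown above, and it assumes group membership is read only from the fourth field of the group file.

```shell
#!/bin/sh
# Added example (not from the original page): audit the su restriction on root.

# Print the value of attribute $3 in stanza $2 of AIX stanza file $1.
stanza_attr() {
    awk -v want="$2" -v attr="$3" '
        /^\*/ { next }                                  # skip comment lines
        /^[^ \t].*:[ \t]*$/ { sub(/:[ \t]*$/, ""); cur = $0; next }
        cur == want {
            line = $0
            gsub(/[ \t]/, "", line)                     # "sugroups = X" -> "sugroups=X"
            if (index(line, attr "=") == 1) print substr(line, length(attr) + 2)
        }' "$1"
}

# Print the comma-separated member list of group $2 in group file $1.
group_members() {
    awk -F: -v g="$2" '$1 == g { print $4 }' "$1"
}

# Usage: check_su_restriction USER_FILE GROUP_FILE GROUP "admin1,admin2"
# Returns 0 when root's sugroups is exactly GROUP and every member of
# GROUP is on the authorized list; prints each finding and returns 1 otherwise.
check_su_restriction() {
    rc=0
    sg=$(stanza_attr "$1" root sugroups)
    if [ "$sg" != "$3" ]; then
        echo "FAIL: root sugroups is '${sg:-unset}', expected '$3'"; rc=1
    fi
    members=$(group_members "$2" "$3")
    if [ -z "$members" ]; then
        echo "FAIL: group '$3' is missing or empty"; rc=1
    fi
    for m in $(echo "$members" | tr ',' ' '); do
        case ",$4," in
            *",$m,"*) ;;                                # authorized member
            *) echo "FAIL: '$m' is in $3 but is not an authorized administrator"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample files mirroring the entries shown above.
demo=$(mktemp -d)
printf 'default:\n\tsugroups = ALL\n\nroot:\n\tadmin = true\n\tsugroups = SUADMIN\n' > "$demo/user"
printf 'system:!:0:root,paul\nstaff:!:1:invscout,julie\nSUADMIN:!:13:paul\n' > "$demo/group"
check_su_restriction "$demo/user" "$demo/group" SUADMIN "paul" && echo "OK: su to root is restricted to SUADMIN"
```

On a live system, pass /etc/security/user and /etc/group as the first two arguments, together with the site's own list of authorized administrators.
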
Administrators must also adhere to the following procedures:
- Establish and implement procedures to ensure that the hardware, software and firmware components that comprise the distributed system are distributed, installed, and configured in a secure manner.
- Ensure that the system is configured so that only an administrator can introduce new trusted software into the system.
- Implement procedures to ensure that users clear the screen before logging off from serial login devices (for example, IBM® 3151 terminals).