Problem Statement
What are best practices for managing a multi-user Linux system? Discuss user isolation, resource limits, and security hardening.
Explanation
User isolation: each user should have separate home directory (mode 700) preventing other users from accessing their files. Use private groups (one group per user) as primary group. Avoid shared accounts - each person should have individual account for accountability. Separate service accounts from user accounts. Use PAM to restrict which users can login, which services they can use, and from where (IP restrictions).
Resource limits with ulimit or /etc/security/limits.conf prevent users from consuming excessive resources. Set limits on: max processes (nproc), max open files (nofile), max file size (fsize), max CPU time (cpu), max memory (as, rss). Example: username hard nproc 100 limits user to 100 processes. Use cgroups for more sophisticated resource management including CPU shares, memory limits, and I/O priorities.
Password policies: enforce strong passwords with pam_pwquality, set maximum password age with chage, implement account lockout after failed attempts with pam_faillock, require password on sudo unless specific exceptions, disable root login over SSH, and use key-based authentication where possible. Regular password audits detect weak passwords before attackers do.
Access control: principle of least privilege - grant minimum necessary permissions. Use groups for permission management rather than ACLs when possible. Regularly audit user accounts removing inactive accounts (lastlog shows last login). Monitor suspicious activity with log analysis (failed login attempts, sudo usage, file access). Set up proper file ownership on shared directories with setgid and appropriate umask.
Monitoring and auditing: enable audit logging with auditd, monitor logs for suspicious patterns (excessive failed logins, privilege escalation attempts, unusual file access), set up alerts for critical events, track sudo usage, and regularly review user list in /etc/passwd. Use centralized logging for multi-system environments. Implement file integrity monitoring (AIDE, Tripwire) to detect unauthorized changes to system files.