Enabling User Accounts
By default, all newly created user accounts are enabled. If you need to enable an account, you can use Linuxconf to do it.
Open Config => Users => Normal => User accounts.
- Select an account.
- Select -The account is enabled checkbox (Fig. 3.20).
Disabling User Accounts
You can temporarily disable a user account. If the user is gone forever from the company, it is preferable to delete the user's account. Back up all data from the user's home folder if needed.
Open Config => Users accounts => Normal => User accounts.
- Select an account.
- Unselect the checkbox that states, The account is enabled.
- Select the Accept button at the bottom of the window and you're all set.
The account is disabled and can be enabled later using the same steps.
Parameters for User Accounts
These are settings that control the account. By default, all of the settings are ignored, so they are unused. Must keep # days minimum number of days for the user's password.
The Must change after # days field can be set to make a user's password expire after a certain number of days. It is a good idea to let the user know that his/her password will expire soon. The Warn # days before expiration field should be used.
If you want an account set to expire after a certain number of days, use the Account expire after # days field. Enter the expiration date.
Privileges for User Accounts
In the Privileges section, you can grant power to the user and/or control over various aspects of system configuration. As default, regular users are denied all privileges on this screen. If you want the user to be able to do something, think and decide what rights you want to grant them. Let the user do something. In many companies users don't do anything anyways.
The difference between Granted and Granted/silent, if the privilege is granted, Linuxconf will ask for the user's password before allowing them to execute the task. Privileges granted silently, are not prompted for their password.
My advice is; do not grant users any privileges unless it is absolutely necessary. Be careful when you grant privileges, especially silently. Remember, any user at any time could sit at a particular workstation and start executing tasks that they shouldn't.
May use Linuxconf: These users are allowed to access all of linuxconf's capabilities, and they can set up or change any parameter.
May shutdown: Grant this right only if you want the user to be able to shutdown the system.
Never give a user too much power. If you do, sooner or later you will be locked out. For a regular station it may be Ok (grant them), but not for a server machine.
Users => Policies => Password & Account Policies
This panel controls the password enforcement policies; here you can specify the length of the password, the restrictions of numbers and letters.
You can enforce the restrictions required at your wish. Good passwords contain a combination of letters, numbers, and special characters. A password should use both upper case and lower case letters. As a good practice never use your username, your anniversary, your social security number, the dog's name, you mamas name, your middle name or the word root. Don't use any variation of a word associated with your account or with yourself. Always avoid dictionary words; dictionary words are easy to crack. Oh, and forget these: “love, sex and god”.