Managing Accounts And Resource Access Day-To-Day - Red Hat ENTERPRISE LINUX 4 - INTRODUCTION TO SYSTEM ADMINISTRATION Administration Manual

Chapter 6. Managing User Accounts and Resource Access
Therefore, if your organization requires this kind of environment, you should make a point of docu-
menting the exact steps required to create and correctly configure a user account. In fact, if there are
different types of user accounts, you should document each one (creating a new finance user account,
a new operations user account, etc.).

6.1.4. Managing Accounts and Resource Access Day-to-Day

As the old saying goes, the only constant is change. It is no different when dealing with your user
community. People come, people go, and people move from one set of responsibilities to another.
Therefore, system administrators must be able to respond to the changes that are a normal part of
day-to-day life in your organization.
6.1.4.1. New Hires
When a new person joins your organization, they are normally given access to various resources
(depending on their responsibilities). They may be given a place to work, a phone, and a key to the
front door.
They may also be given access to one or more of the computers in your organization. As a system
administrator, it is your responsibility to see that this is done promptly and appropriately. How should
you do this?
Before you can do anything, you must first be aware of the new person's arrival. This is handled
differently in various organizations. Here are some possibilities:
Create a procedure where your organization's personnel department notifies you when a new person
•
arrives.
Create a form that the person's supervisor can fill out and use to request an account for the new
•
person.
Different organizations require different approaches. However it is done, it is vital that you have a
highly-reliable process that can alert you to any account-related work that needs to be done.
6.1.4.2. Terminations
The fact that people will be leaving your organization is a given. Sometimes it may be under happy
circumstances and sometimes it may be under unhappy circumstances. In either case, it is vital that
you are made aware of the situation so that you can take the appropriate actions.
At the very least, the appropriate actions should include:
Disabling the user's access to all systems and related resources (usually by changing/locking the
•
user's password)
Backing up the user's files, in case they contain something that is needed at a later time
•
Coordinating access to the user's files by the user's manager
•
The top priority is to secure your systems against the newly-terminated user. This is particularly
important if the user was terminated under conditions that could leave the user feeling malice toward
your organization. However, even if the circumstances are not quite so dire, it is in your organization's
best interest for you to quickly and reliably disable access by the newly-terminated person.
This indicates the need for a process that alerts you to all terminations — preferably even before the
actual termination takes place. This implies that you should work with your organization's personnel
department to ensure that you are alerted to any upcoming terminations.
121