Administrative Controls - Red Hat ENTERPRISE LINUX 5 - DEPLOYMENT Deployment Manual

Figure 43.1. Specifying password aging options
For more information about user and group configuration (including instructions on forcing first time
Chapter 33, Users and
passwords), refer to

43.1.4. Administrative Controls

When administering a home machine, the user must perform some tasks as the root user or by
acquiring effective root privileges via a setuid program, such as sudo or su. A setuid program is
one that operates with the user ID (UID) of the program's owner rather than the user operating the
program. Such programs are denoted by an s in the owner section of a long format listing, as in the
following example:
-rwsr-xr-x 1 root
Note
The s may be upper case or lower case. If it appears as upper case, it means that the
underlying permission bit has not been set.
For the system administrators of an organization, however, choices must be made as to how much
administrative access users within the organization should have to their machine. Through a PAM
module called pam_console.so, some activities normally reserved only for the root user, such as
rebooting and mounting removable media are allowed for the first user that logs in at the physical
Section 43.4, "Pluggable Authentication Modules (PAM)"
console (refer to
Groups.
root 47324 May 1 08:09 /bin/su
for more information about
Administrative Controls
611