S 4.13 Careful allocation of identifiers

Initiation responsibility: Head of IT, IT Security Officer

Implementation responsibility: Administrator

In Unix systems, the user and group identifiers of processes and files are used, amongst other things, to attribute actions to those who performed them and to grant rights. These identifiers must therefore be allocated carefully.

Each login name, each user ID (UID), and each group ID (GID) must only be used once. Even after a user and/or a group has been deleted, the login name and UID and/or GID should not be re-allocated for a certain period. For networked systems, it must also be ensured across all systems that user names and UIDs are not allocated more than once. This is particularly important when using NFS, because of the way UIDs are implemented there, so that no data can be read by unauthorised persons.

Every user must be a member of at least one group. Every GID mentioned in the /etc/passwd file must be defined in the /etc/group file.

Every group should only contain the users absolutely necessary. This is of particular importance for the system groups (such as root, sys, bin, adm, news, uucp, nuucp, or daemon).

With the exception of the system administrator root, logins with UID 0 (super-user) must only be allocated to administrative logins in accordance with regulations specified in advance (see S 2.33 Division of administrator roles under Unix).

It makes sense to define naming conventions for login names and UIDs and/or GIDs. In addition, it should be checked at regular intervals whether all UIDs are plausible. For example, they should consist only of numbers and should not contain any invalid combinations such as 00 or 000.
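The checks described above can be run as a read-only audit over the contents of /etc/passwd and /etc/group. The following is an added example, not part of the original safeguard text; the sample entries are constructed, the approved_uid0 allow-list is a hypothetical parameter, and rejecting every leading zero (not only 00 and 000) is an assumption. It covers one system only, not the cross-system or re-allocation requirements.

```python
import re
from collections import defaultdict

# Constructed sample data, not taken from a real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
toor:x:0:0:second admin:/root:/bin/sh
alice:x:1001:100:Alice:/home/alice:/bin/sh
bob:x:1001:100:Bob:/home/bob:/bin/sh
carol:x:00:100:Carol:/home/carol:/bin/sh
dave:x:1004:250:Dave:/home/dave:/bin/sh
"""
SAMPLE_GROUP = """\
root:x:0:
users:x:100:alice,bob
staff:x:100:
"""
# Digits only; rejects 00, 000 and (assumption) any other leading zero.
PLAUSIBLE = re.compile(r"0|[1-9][0-9]*")

def rows(text, nfields, label, findings):
    for line in filter(str.strip, text.splitlines()):
        f = line.split(":")
        if len(f) == nfields:
            yield f
        else:
            findings.append((f"malformed-{label}-line", line))

def audit(passwd_text, group_text, approved_uid0=("root",)):
    # approved_uid0: hypothetical allow-list of logins permitted to hold UID 0.
    findings, group_ids, logins, uids = [], *(defaultdict(list) for _ in range(3))
    for name, _, gid, _ in rows(group_text, 4, "group", findings):
        group_ids[gid].append(name)
        if not PLAUSIBLE.fullmatch(gid):
            findings.append(("implausible-gid", f"{name}={gid}"))
    for f in rows(passwd_text, 7, "passwd", findings):
        name, uid, gid = f[0], f[2], f[3]
        logins[name].append(uid)
        uids[uid].append(name)
        if not PLAUSIBLE.fullmatch(uid):
            findings.append(("implausible-uid", f"{name}={uid}"))
        if uid == "0" and name not in approved_uid0:
            findings.append(("unapproved-uid0", name))
        if gid not in group_ids:
            findings.append(("gid-not-in-group-file", f"{name}:{gid}"))
    for kind, table in (("duplicate-login", logins), ("duplicate-uid", uids),
                        ("duplicate-gid", group_ids)):
        findings += [(kind, f"{k}: {','.join(v)}") for k, v in table.items() if len(v) > 1]
    return findings
```

On a live system the two arguments would be the text of /etc/passwd and /etc/group read with ordinary file access; the audit never writes to either file.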

The files /etc/passwd and /etc/group should not be edited with the help of editors, since errors may significantly impair the system's security. Only the corresponding administration tools should be used, which are, however, very system-specific.

Review questions: