Service Group IT
Ulm University James-Franck-Ring D-89069 Ulm
Building O27, Floor 2
Room 245
Service E-Mail:
kontakt-sgi(at)uni-ulm.de
System security requires that every account on the system is protected as well as possible against unauthorized use. Every user must feel responsible for the security of their own account: once a poorly secured account has been broken into, not only can system resources be misused in that user's name, but all other users are also put at risk by the new options the intruder gains.
A useful technique for good passwords:
Choose a phrase with a meaning that you can remember. Take the first letter of each word in order (keeping upper/lower case), together with the punctuation marks, as your password.
no world-write-access to the home directory and all own files
no world access to dot files like .login, .cshrc, .profile, etc.
no world-exec access to own programs (risk for the caller)
World-Read access to own files only in exceptional cases
no set-UID programs with World Exec access
no set-UID or set-GID scripts
set umask to value 077
check own files for plausibility (name, owner, access protection, date) from time to time using "ls -alc"
include only secure directories in the definition of the command search path (CSH variable path, SH variable PATH, environment variable PATH)
Do not include the current directory (".") at all, or only as the last directory in PATH or path
no "+" in the .rhosts file
no computer and user from another security cluster in the .rhosts file
no entry without user specification in the .rhosts file
no "old" entries (Hosts, User) in the .rhosts file
in .netrc file only entries for access to anonymous FTP, no passwords
Caution when executing programs from other user directories (unwanted side effect, Trojan horse)
do not enter the command "xhost +" or "xhost +computer name"
Make password entries via xterm only in Secure-Mode (Option Secure-Keyboard or secureonpwd)
[Partly taken over from Saarland University]
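The file-permission, .rhosts and PATH items of the list above can be checked with a script. The following POSIX shell script is an added example, not part of the original Ulm or Saarland text; the function names and output labels are its own, and it assumes a find that supports -mindepth/-maxdepth (GNU and BSD do).

```shell
#!/bin/sh
# Added example: audit an account directory against the checklist above.
# All function names and output labels are this example's own.

# Files and directories writable by "other" (symlink modes carry no meaning).
world_writable() {
    find "$1" ! -type l -perm -0002 -print 2>/dev/null
}

# Dot files directly in the directory that grant any access to "other".
open_dotfiles() {
    find "$1" -mindepth 1 -maxdepth 1 -name '.*' ! -type l \
        \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print 2>/dev/null
}

# Regular files carrying the set-UID or set-GID bit (programs and scripts).
setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# .rhosts lines that use the "+" wildcard or name a host without a user.
rhosts_issues() {
    [ -f "$1" ] || return 0
    awk 'NF == 0 || $1 ~ /^#/ { next }
         $1 == "+" || $2 == "+" || NF < 2 { print NR ": " $0 }' "$1"
}

# PATH entries meaning "current directory" ("." or empty) that are not last.
path_dot_not_last() {
    printf '%s\n' "$1" | awk -F: '{
        for (i = 1; i < NF; i++) if ($i == "." || $i == "") print "entry " i }'
}

audit_account() {
    echo "umask: $(umask) (checklist value: 077)"
    echo "== world-writable ==";              world_writable "$1"
    echo "== dot files open to others ==";    open_dotfiles "$1"
    echo "== set-UID/set-GID files ==";       setid_files "$1"
    echo "== .rhosts ==";                     rhosts_issues "$1/.rhosts"
    echo "== '.' in PATH before the end ==";  path_dot_not_last "$PATH"
}

# Run only when a directory is given, e.g.:  sh audit.sh "$HOME"
if [ $# -gt 0 ]; then audit_account "$1"; fi
```

An empty section in the output means that check found nothing; every listed path or line should be reviewed against the corresponding rule.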