Ensure that all users are allocated a password.
Users should never share their passwords.
You can set passwords to expire after a predefined time to improve password security.
It is good practice to regularly check /etc/passwd for users with their UID set to 0.
Regularly check for invalid users.
It is good practice to disable direct root logins by configuring the /etc/default/login file. This will force users with access to root to use the su command, thus leaving an audit trail.
Check /var/adm/sulog regularly for users attempting to gain access to the root account.
Provide users with a nonwritable .profile if you want to try to enforce a default environment.
For users that only use a specific application, specify this instead of ...
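
The UID 0 check on /etc/passwd and the review of /var/adm/sulog described above can be scripted; this is an added example, not part of the original page. It assumes the Solaris sulog line layout `SU MM/DD HH:MM +|- tty from-to`; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit helpers for the UID 0 and sulog checks above.
# Each function reads the file given as $1, defaulting to the path in the text.

# Accounts other than root whose UID field (3rd, colon-separated) is 0.
extra_uid0_accounts() {
    awk -F: '$3 ~ /^[0-9]+$/ && $3 + 0 == 0 && $1 != "root" { print $1 }' \
        "${1:-/etc/passwd}"
}

# Failed su attempts to root, as "count user", most attempts first.
# Assumes the Solaris sulog layout: SU MM/DD HH:MM +|- tty from-to
failed_su_to_root() {
    awk '$1 == "SU" && $4 == "-" {
             n = split($6, part, "-")            # login names may contain "-"
             if (part[n] != "root") next
             from = substr($6, 1, length($6) - length(part[n]) - 1)
             count[from]++
         }
         END { for (u in count) print count[u], u }' \
        "${1:-/var/adm/sulog}" | sort -k1,1nr -k2,2
}

# Constructed sample data (not from a real system), written to directory $1.
write_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
toor:x:0:0:second root:/:/bin/sh
alice:x:1001:10:Alice:/export/home/alice:/bin/ksh
backup-op:x:00:1:Backup:/:/bin/sh
EOF
    cat > "$1/sulog" <<'EOF'
SU 03/14 09:02 + pts/1 alice-root
SU 03/14 09:40 - pts/2 bob-root
SU 03/14 09:41 - pts/2 bob-root
SU 03/14 10:15 - pts/4 backup-op-root
SU 03/14 11:00 - pts/3 alice-oracle
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
echo "Extra UID 0 accounts:";  extra_uid0_accounts "$dir/passwd"
echo "Failed su to root:";     failed_su_to_root "$dir/sulog"
rm -rf "$dir"
```

Called with no argument, each function reads the live file named in the text, which makes the checks easy to run from cron and compare against the previous run.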