Taking the time to implement and maintain security policies is like working out at the gym—it takes time and can be a fair amount of work, and although it generally improves the health of a system, you can never be sure which problems it's helped you avoid. System security is a generic term that spans a huge number of topics but can generally be divided into several classes: restricting access to your systems, restricting the services that your systems provide and how those services operate, and restricting what users can do on a system once they get access to it. The first two of these topics are discussed in Chapter 25, "Network Configuration and Security"; this chapter focuses on the third.

UNIX-like systems such as Linux are traditionally much more secure than their Microsoft Windows counterparts because they were designed as multiuser operating systems where different users have always had different privileges. Being conscious of the privileges required for different operations should be built into every UNIX and Linux sysadmin.

The Ubuntu and Kubuntu Linux distributions have always been security conscious. For example, Ubuntu pioneered the use of sudo as the primary mechanism for executing commands as a privileged user. This is a surprise to almost everyone the first time that you encounter Ubuntu and takes time to get used ...