Creating Users and Groups

Whenever new users are added to the system, accounts must be created and configured to allow them to do their work without creating a security risk. It is often difficult to know what resources a new accountant, for example, really needs access to, so you'll benefit from working closely with company management to determine what's appropriate for each position. We prefer to create scripts that allow us to create a user by assigning defaults for the department to which the new user is being assigned. This allows us to easily create an account for a new person in the accounting department by creating a prototypical accounting department user and tweaking the accounts from there. We talk about that more in Chapter 5, Creating and Maintaining User Accounts. At a minimum, a mail spool must be established for each user, and you'll be responsible for configuring access to the mail spool and to an adequate mail client. Chapter 14, Setting Up Your Mail Server, covers the configuration of...

The total cost of ownership (TCO) of Linux is high

Nobody really knows how to calculate the total cost of ownership of a general piece of software, no matter how clever the terms they use. So a good lawyer + accountant can prove whatever point they are paid to make. They appear to regularly do so. I guess accountants typically talk about the TCO for software necessary for doing business, and thus skip the issue of the value, benefit, and the return on investment. There is really no value in the mainstream software, it is just the necessity for doing business these days. Well, Linux satisfies my computing necessities at zero monetary cost, and the personal pleasure and learning value are great.

IptablesA Forward j anoness

Unfortunately, there is a small but unavoidable problem when trying to do accounting by service type. You will remember that we discussed the role the MTU plays in TCP/IP networking in an earlier chapter. The MTU defines the largest datagram that will be transmitted on a network device. When a datagram is received by a router that is larger than the MTU of the interface that needs to retransmit it, the router performs a trick called fragmentation. The router breaks the large datagram into small pieces no longer than the MTU of the interface and then transmits these pieces. The router builds new headers to put in front of each of these pieces, and these are what the remote machine uses to reconstruct the original data. Unfortunately, during the fragmentation process the port is lost for all but the first fragment. This means that the IP accounting can't properly count fragmented datagrams. It can reliably count only the first fragment, or unfragmented...

ipfwadm -A both -a -W ppp0 -P tcp -S 0/0 0xFFFF

In 2.2 kernels you can select a kernel compile-time option that negates this whole issue if your Linux machine is acting as the single access point for a network. If you enable the IP always defragment option when you compile your kernel, all received datagrams will be reassembled by the Linux router before routing and retransmission. This operation is performed before the firewall and accounting software sees the datagram, and thus you will have no fragments to deal with. In 2.4 kernels you compile and load the netfilter forward-fragment module.
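The port loss described above, and the effect of reassembling before accounting, shown as an added example that is not part of the original excerpts. The function names, the `"fragment"` bucket, the addresses (documentation ranges) and the sample datagram are constructed for illustration.

```python
import struct
from collections import Counter

def ipv4(payload, ident, frag_off8=0, more=False, proto=6):
    """Minimal 20-byte IPv4 header (checksum left at 0) followed by payload."""
    flags_off = (0x2000 if more else 0) | frag_off8   # MF flag + offset in 8-byte units
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                      flags_off, 64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + payload

def fragment(datagram, mtu):
    """Split as a router does: 8-byte-aligned payload chunks, a new IP header on each."""
    ident = struct.unpack("!H", datagram[4:6])[0]
    payload = datagram[20:]
    step = (mtu - 20) // 8 * 8
    return [ipv4(payload[i:i + step], ident, i // 8, i + step < len(payload))
            for i in range(0, len(payload), step)]

def account_by_port(packets):
    """Per-packet accounting keyed on TCP destination port."""
    totals = Counter()
    for p in packets:
        offset = struct.unpack("!H", p[6:8])[0] & 0x1FFF
        if offset == 0:
            # Only a first (or unfragmented) packet still carries the TCP header.
            totals[struct.unpack("!H", p[22:24])[0]] += len(p)
        else:
            # Later fragments start mid-stream: there is no port field to read.
            totals["fragment"] += len(p)
    return totals

def reassemble(fragments):
    """Rebuild the datagram before accounting, as 'always defragment' does."""
    parts = sorted(fragments, key=lambda p: struct.unpack("!H", p[6:8])[0] & 0x1FFF)
    ident = struct.unpack("!H", parts[0][4:6])[0]
    return ipv4(b"".join(p[20:] for p in parts), ident)

# Constructed sample: TCP header (source port 40000, destination port 80) + 1980 data bytes.
TCP = struct.pack("!HHIIHHHH", 40000, 80, 1, 0, 0x5010, 65535, 0, 0) + b"x" * 1980
ORIGINAL = ipv4(TCP, ident=0x1234)
FRAGS = fragment(ORIGINAL, mtu=576)

if __name__ == "__main__":
    print("per fragment:     ", dict(account_by_port(FRAGS)))
    print("after reassembly: ", dict(account_by_port([reassemble(FRAGS)])))
```
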

The Code Is Free

Linux and GNU software are distributed under the terms of the GNU General Public License (GPL). The GPL says you have the right to copy, modify, and redistribute the code covered by the agreement. When you redistribute the code, however, you must also distribute the same license with the code, making the code and the license inseparable. If you get source code off the Internet for an accounting program that is under the GPL and then modify that code and redistribute an executable version of the program, you must also distribute the modified source code and the GPL agreement with it. Because this arrangement is the reverse of the way a normal copyright works (it gives rights instead of limiting them), it has been termed a copyleft. (This paragraph is not a legal interpretation of the GPL; it is here merely to give you an idea of how it works. Refer to the GPL itself when you want to make use of it.)

Availability Defined

If you look it up in the dictionary, you will find that available means present or ready for immediate use. And this is really the heart of everything we will be talking about in this section: services being available. We will use the end user's perspective here because that is all that matters. The users and the services they need are the sole reason the IT infrastructure exists. There is no company or organization that runs servers just for the fun of running servers. For the end user, availability means this: I can use the service that I am allowed to have access to. This can be something as simple as a word processing application or a spreadsheet program. Or it can be a more complex service such as email and document management, or accounting software. So determining whether a service is available is really simple from the perspective of the end user: Can I access my email? Answering this question with yes means availability, answering with no means...

Virtual Memory

All addresses lie in the 0 to 4 Gig range. Although it would make sense that different tasks be required to use different parts of the 4 Gig space, Linux does not work this way. Linux may allocate the same addresses to different tasks at the same time. These addresses are not real. They are called virtual addresses. Just as a fraudulent accountant keeps two sets of books, one for the auditors and one for the true state of affairs, Linux must keep a set of virtual addresses for each task, plus one set of real addresses for the actual physical locations on disk and in RAM.


NolaPro is an easy-to-use, Web-based accounting program. By Mike Diehl.

I've been doing side work for years, and recently, I've become voluntarily self-employed. Like most small and even large companies, one of my biggest problems is tracking who owes me money and whom I need to pay. And, I kind of want to know whether I'm actually making a living. This is where a good accounting program becomes essential. About six months ago, I started looking for an accounting program in order to track my side work. I needed something that was easy to use, ran on Linux and preferably was Web-based. It had to be easy to use, because I'm not an accountant or a financial analyst; I'm a nerd. The program had to run on Linux, or I wouldn't have anywhere to run it. I wanted it to be Web-based, because I didn't want to have to install the software on all my machines, and I wanted to be able to log time and charges from remote locations. The Holy Grail would have been if it also would integrate with eGroupWare....


The Linux kernel provides a variety of facilities to ensure that these events do not take place. But to avoid security breaches, ordinary applications must be careful as well. For example, imagine that you are developing accounting software. Although you might want all users to be able to file expense reports with the system, you wouldn't want all users to be able to approve those reports. You might want users to be able to view their own payroll information, but you certainly wouldn't want them to be able to view everyone else's payroll information. You might want managers to be able to view the salaries of employees in their departments, but you wouldn't want them to view the salaries of employees in other departments.