Configuring Firewalls
After the OS is installed, if a common user is configured, you can add the ALWAYS_SET_PATH field to the /etc/login.defs file and set it to yes to prevent unauthorized operations. In addition, to prevent the common user from escalating privileges by inheriting environment variables when running su root, you can set ALWAYS_SET_PATH to yes in the server configuration file /etc/default/su. For details about other operations, see the OS guide.
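The following audit script is an added example, not part of the original guide: it reports whether ALWAYS_SET_PATH is effectively set to yes in each file passed to it. The function names are hypothetical, and the parsing rules (a setting written as `NAME value` or `NAME=value`, `#` starting a comment, the last occurrence winning, `yes` matched case-insensitively) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit ALWAYS_SET_PATH in su-related configuration files.
# Assumptions: "NAME value" or "NAME=value" syntax, '#' starts a comment,
# the last uncommented occurrence of a key is the effective one.

# Print the effective value of key $1 in file $2 (empty if unset/unreadable).
effective_value() {
    [ -r "$2" ] || return 0
    awk -v key="$1" '
        { sub(/#.*/, "") }                  # strip comments
        {
            line = $0
            sub(/^[ \t]+/, "", line)        # strip leading whitespace
            n = match(line, /[ \t=]/)       # first separator after the name
            if (n == 0) next                # blank line or name without value
            if (substr(line, 1, n - 1) != key) next
            val = substr(line, n)
            sub(/^[ \t=]+/, "", val)        # drop separator characters
            sub(/[ \t]+$/, "", val)         # drop trailing whitespace
            gsub(/"/, "", val)              # drop optional quotes
            found = val
        }
        END { print found }
    ' "$2"
}

# Return 0 only if ALWAYS_SET_PATH is effectively "yes" in file $1.
check_always_set_path() {
    val=$(effective_value ALWAYS_SET_PATH "$1" | tr 'A-Z' 'a-z')
    if [ "$val" = "yes" ]; then
        echo "PASS $1: ALWAYS_SET_PATH=yes"
    else
        echo "FAIL $1: ALWAYS_SET_PATH=${val:-<unset>}"
        return 1
    fi
}

# Check every file given; return non-zero if any file fails.
audit() {
    rc=0
    for f in "$@"; do
        check_always_set_path "$f" || rc=1
    done
    return $rc
}

# Usage: sh audit.sh /etc/login.defs /etc/default/su
if [ "$#" -gt 0 ]; then audit "$@"; fi
```

A commented-out line or a later `ALWAYS_SET_PATH no` entry is reported as FAIL, which a plain `grep` for the key name would miss.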