When I first installed Fedora 38 I had one account with admin privileges. With this arrangement, some actions in the gui require admin authentication by entering the admin password. Some commands on the command line require the use of sudo. Is this a safe way to work, including internet access, or should I change this account to a standard account and set up a separate account for admin purposes?
Trying to answer my own question, I have experimented by doing the latter and find that the admin account appears to not require the use of sudo. And a standard account without admin privileges can't use sudo or authenticate certain actions in the gui. I'm assuming the latter is best.
If the latter is best, how then does the user without admin privileges do something that requires sudo or authentication like installing software or other administrative function in their account?
sudo is not an all-or-nothing proposition. You can add the various abilities a la carte without giving away the whole shop. First enumerate the actions you wish the helper account to be able to carry out, then adjust /etc/sudoers or /etc/sudoers.d/ accordingly.
Some people here recommend having two user accounts, only one of which has sudo privileges. You use the other one for online work such as surfing the web. That way, if the account is compromised, the cracker can't escalate by getting sudo access.
BTW, these questions are relative to a single user laptop. I'm not trying to administrate for multiple users.
Thanks. I think this is what I'm leaning toward. Two questions:
Why, if admin gives the standard account admin privileges, does he have to use sudo for some admin commands or authenticate some gui actions?
Does the standard account have any limitation on what he can do within his account; stuff that only admin can do?
The 'root' user decides who can run which programs by adjusting the sudoers file. You could limit them to only logging off, or they could be allowed to halt the whole system. It can get complicated; that is why OpenBSD introduced 'doas', which replaces the complexity of sudo with an easier to understand syntax.
(Sometimes I just have a user account & a root account, most of the time I have sudo.)
I think the admin thing is part of polkit, which is a gui enabling kit. Some polkit users can be defined as administrators, which means their passwords have special power. Sudo is more basic and designed to work on the command line.
@hazel: Of course, "I am one of those people" who strongly advocate for very tight control of "admin access," which in the Unix/Linux environment consists of "membership in the wheel group."
A member of this group has unlimited access to the system, including the ability to issue the command sudo su, which immediately grants this user "root privileges" using his own password.
I can count on one hand the number of clients that I have worked with who actually took the time to "edit the sudoers file." 99.7% of them were simply lazy.
Every operating system possesses some variation of achieving this fundamental distinction between users. What's "lately very remarkable to me," however, is that it typically becomes the default. Typical installation scripts invite the user to set up one user account, not two.
The "fly in this ointment" is that, in these days and times, far too many "evil outsiders" can engineer a way to "exercise 'your' privileges without your knowledge," i-f you have them. This leads to the vital "principle of least privilege."
Even when you are "administering a very large system," and whether you are doing it on Linux or Windows or [anything-else], you can still exercise this principle. (After all ... are you ever so careless with the keys to your car?)
Last edited by sundialsvcs; 06-30-2023 at 09:26 PM.
Always remember that Unix® began as a timesharing operating system – built to constrain very-smart college students. Almost all users simply concerned themselves with whatever they had in their "home" accounts. The power to do anything else was purposely placed beyond their reach ... which of course caused it to be irresistible. (koff, koff ...)
I think I mentioned above that I recently changed my system so that I now have an admin account and a user account. Earlier today, I absent-mindedly tried to update the system as user. Of course, it said that user is not on the sudoers list (or something like that). If I understand that I can put my user name on that list and then get su privileges with my user password, I don't like that. That's crazy. When working as user, is there a way to get temporary admin privileges or do you just have to switch users by temporarily logging out? It would seem logical to give the command sudo su and then use admin password, but that doesn't work.
Ah ha. I found it: su username then username's password. Never mind, but thanks.
Quote:
Why, if admin gives the standard account admin privileges, does he have to use sudo for some admin commands or authenticate some gui actions?
I don't use Fedora but I believe it (like Ubuntu and its derivatives) uses sudo by default so that the primary user created during the install has sudo (root) privileges. This requires the use of sudo with the password of the primary user to make system changes.
Quote:
Does the standard account have any limitation on what he can do within his account; stuff that only admin can do?
Yes. When logged in as the primary user, that user is as limited as any other user unless using sudo with the password. I'm not sure what you mean by 'admin' account. If this is the primary user created during install, the privileges are the same as any normal user without using sudo.
The link below leads to a page which explains sudo to some degree and its advantages.
As pointed out above, you can also give a normal user rights to run some commands requiring sudo to run a specific program or programs or to perform specific system tasks.
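An added example, not written by any poster in this thread, of the "a la carte" sudoers approach mentioned in the replies above: a constructed sudoers sample puts the blanket wheel rule beside a rule narrowed to exact commands, and a small audit function lists which principals can still run anything. The users `alice` and `bob`, the command paths and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report sudoers principals that may run ANY command.
# Simplifying assumptions: one rule per line, no aliases, no backslash
# continuations, and "#include" directives are treated as comments.

# Constructed sample (not from a real system): the stock wheel rule next to
# a rule for a hypothetical standard user limited to two exact commands.
sample_sudoers() {
cat <<'EOF'
# constructed sample
Defaults    env_reset
root        ALL=(ALL)       ALL
%wheel      ALL=(ALL)       ALL
alice       ALL=(root)      /usr/bin/dnf upgrade --refresh, /usr/sbin/shutdown -h now
bob         ALL=(root)      NOPASSWD: ALL
EOF
}

# Read sudoers text on stdin; print each user or %group other than root
# whose command list contains a bare ALL (an unrestricted grant).
unrestricted_grants() {
    awk '
        /^[ \t]*(#|$)/   { next }               # comments and blank lines
        $1 ~ /^Defaults/ { next }               # option lines, not grants
        {
            who = $1
            if (who == "root") next
            spec = $0
            sub(/^[^=]*=/, "", spec)            # drop "who host ="
            sub(/^[ \t]*\([^)]*\)/, "", spec)   # drop the "(runas)" part
            n = split(spec, cmds, ",")
            for (i = 1; i <= n; i++) {
                c = cmds[i]
                gsub(/[A-Z]+:/, "", c)          # drop tags such as NOPASSWD:
                gsub(/^[ \t]+|[ \t]+$/, "", c)  # trim whitespace
                if (c == "ALL") { print who; break }
            }
        }
    '
}

# Stand-alone run: prints the principals holding unrestricted grants.
sample_sudoers | unrestricted_grants
```

Before installing a real drop-in under /etc/sudoers.d/, check its syntax with `visudo -cf <file>`; a rule that lists commands with arguments, like the `alice` line, permits only those exact invocations.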
Simply allow the usual installation sequence to create the (one ...) administrator account. Then, log on as that account and create your everyday user account(s).
Since I run several small businesses, I create individual user-accounts for "each 'hat'" that I need to wear from day to day. Including accounts which represent the computing situation of each client, and an "accountant" user-id, and so on. All of these are "non-privileged." And, their /home/xxx directories are walled-off from each other.
When I log in to any of them, I am immediately presented with the "familiar environment" that I need for each "hat." But any "online robotic intruder," trying to exercise the privileges of the user or trying to gain more, would go nowhere. Each user has everything that it needs to perform its appointed role, and nothing(!) more.
Last edited by sundialsvcs; 07-01-2023 at 01:20 PM.
I understand and that is what I have done except I need only one "user" account. However, I do find it curious that even when logged in as "admin" with, I assumed, full privileges, "admin" still has to use "sudo" to do some things like updating the system.
I know. I need to dig deeper into information about privileges.
As a member of the wheel group, an "administrator" has the ability to use su without restriction, including the ability to issue "sudo su" to gain root-level access using its own login password. This is why such capability should be very tightly restricted.
"Rogue software" runs as "you" and is able to do what "you" can do, but without your knowledge nor consent. This is why you should voluntarily place limits upon yourself. Computers are terrible at knowing when to say "yes," but terrific at saying "no."
sudo and su must not be used together at all. It was discussed several times also here, at LQ.
Additionally you need to know there is no general admin user (like god with "full privileges"). It is always meant to be: admin of <something>. Root is the admin of your OS and additionally you may have another admin for your database, or for your web services or anything else. Usually root has no (or just minimal) right to access these services/apps.