Linux Accounts and Privilege Escalation

From bib. source

There are three types of accounts on Linux systems: root, standard user and service.

The administrator account in Linux is called root.

So, in sum (Garn 2022, 16):

user account type   role
root                Administration of the Linux system.
standard user       Usage of the system for everyday task performance.
service user        Operation of server actions.

Given the existence of the administrative account, security best practice (Ibid):

From bib. source

[…] is to log on with a standard user account[sic], and then, if necessary, switch your user account to root.

In Linux, the command to switch to another user account is su, which in this case is used as follows (Ibid):

su root

Switching in this way retains the profile or environment of the initial user prior to the user account switch. To also switch to using the profile or environment of the user account switched to, a hyphen following su is needed (Ibid):

su - root

After doing whatever needs to be done as that user account, one returns to one’s initial user account by typing exit (Ibid):

exit

One can check what user account one is now on by running the command whoami (Garn 2022, 12):

whoami

The issue with this security approach, working from a standard user account and switching to the root account only when an administrative task comes up, is that (Garn 2022, 17):

From bib. source

[…] the user is either a non-privileged account with almost no administrative authority or the full root user account with all possible administrative authoring–and nothing in-between. Sometimes, administrators want to delegate specific, defined activities that require root authority, but only those particular activities.

That is, one has either no administrative power on the system or all of it. To allow for partial administrative abilities or powers, “[s]ysadmins can edit a file named /etc/sudoers to delegate specific tasks to individual users and groups” (Ibid).

For a user, or a member of a group, to perform the specific administrative task delegated in /etc/sudoers, they must “simply precede the command” tied to that task “with sudo” (Ibid).
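Here is an added example of what such a delegation looks like in practice; it is not from Garn 2022 or from any distribution's default configuration. It assumes a placeholder user named webops and the nginx service, and shows the usual defensive pattern: a Cmnd_Alias listing only the exact commands by absolute path (no ALL, no shells, no editors, no wildcards, since any of those would hand over full root), a drop-in file rather than edits to /etc/sudoers itself, and a syntax check with visudo -c before installing, because a malformed file under /etc/sudoers.d can lock every administrator out of sudo.

```shell
#!/bin/sh
# Added example (not from Garn 2022): delegate one narrowly defined task
# through a sudoers drop-in and syntax-check it before installation.
# "webops" and "nginx" are assumed placeholders.

# Emit the drop-in. Only the listed commands, by absolute path, are
# delegated, so the rule does not open a path to an arbitrary root shell.
sudoers_fragment() {
    cat <<'EOF'
# Delegated to the webops user: restart/reload nginx and read its log.
Cmnd_Alias NGINX_CTL = /usr/bin/systemctl restart nginx, \
                       /usr/bin/systemctl reload nginx, \
                       /usr/bin/journalctl -u nginx
webops ALL=(root) NGINX_CTL
EOF
}

# List the individual commands a fragment delegates (continuation lines
# joined, aliases split on commas). Handy when reviewing that a rule is
# really as narrow as its author claims.
delegated_commands() {
    sudoers_fragment | awk '
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
        {
            line = buf $0; buf = ""
            if (line ~ /^Cmnd_Alias/) {
                split(line, kv, "=")
                n = split(kv[2], c, ",")
                for (i = 1; i <= n; i++) {
                    gsub(/^[ \t]+|[ \t]+$/, "", c[i])
                    print c[i]
                }
            }
        }'
}

# Syntax-check a candidate file with visudo. Check first, install second:
# a broken file in /etc/sudoers.d breaks sudo for everyone.
check_fragment() {
    f=$1
    if command -v visudo >/dev/null 2>&1; then
        visudo -c -f "$f"
    else
        echo "visudo not available here; skipping syntax check" >&2
    fi
}

# Demonstration: write the fragment to a temporary file, check it, and
# show what it delegates. Installing it (as root) would be:
#   install -m 0440 "$tmp" /etc/sudoers.d/90-webops
tmp=$(mktemp)
sudoers_fragment > "$tmp"
check_fragment "$tmp" || echo "syntax check failed for $tmp" >&2
echo "commands delegated to webops:"
delegated_commands
rm -f "$tmp"
```

With this rule installed, the webops user runs, for example, sudo /usr/bin/systemctl restart nginx and nothing else as root; sudo refuses any command not in NGINX_CTL and logs the attempt, which is the in-between that the all-or-nothing su approach lacks.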

Further (Ibid):

From bib. source

As a security measure, some distributions disable the root user account and force the use of sudo on specific user accounts.



bibliography

  • Garn, Damon. The Official CompTIA Linux+ Student Guide (Exam XK0-005). 1.0. Downers Grove, IL: CompTIA, 2022.