Understanding and managing security on Fedora 20
The security models for Linux differ quite a bit from what users may be used to on Windows. We'll look at what Linux has to offer, how to manage it, and how to stay safe with Linux.
Security on Linux is a big topic. Huge. Mind-bogglingly big. You could produce an entire book on the topic (and people have) and still not be comprehensive. In realization of this, I'm going to pare down the topic to a manageable size for this article and cover some of the bare basics you need to know to use and manage your desktop system effectively.
I'll touch on the basic concepts of Linux security as they apply to Fedora 20, but I'll not get too far into the weeds in discussing theory or history. I'll describe using
sudo to run commands and discuss when you might want to use
su to become root (and, I'll explain what "root" is). You'll also learn about managing file and directory permissions, how to update your system, and managing the system firewall.
What I won't do is spend any more time at the command line than I absolutely must. A common complaint about Linux from new users is that they have to use the command line. Although I enjoy using command-line utilities most of the time, it can be confusing and there's no good reason for doing so if a GUI equivalent exists.
Security on Linux
Linux's security model is very different from what users are familiar with on Windows XP, for a number of reasons. Linux inherits many security concepts from Unix, which was designed for multiuser systems. I don't just mean a system that had more than one user account, which you can do easily under Windows XP. I mean a system that would have multiple users logged and working at the same time. This might be users from different departments or even users who had access to a system from different companies.
You might hear people say that "everything" is a file on Linux and Unix systems. This is a bit of an over-simplification, but virtually everything on your system is represented in some way as a file. For example, if you look under the
/proc directory, you'll see a bunch of numbered directories. These represent running processes on the system. For example,
/proc/1 represents the system init (systemd) process. If you look under
/dev, you'll see a bunch of directories and "special" files that represent system devices.
So, a big chunk of security revolves around permitting or denying access to files on the system to the users and processes on the system. I'll spend a fair amount of time on users and on file and directory permissions.
Another big chunk of security revolves around host access, or denying host access. So I'll talk about the system firewall from the desktop perspective and how to add new firewall rules or delete rules if they conflict with services you want to use.
Root and Users
When you set up Fedora, you're prompted to create two users: the root user and a regular user. However, you don't get much information about what the difference is or why you need two accounts.
If you're coming from Windows, you may have an "Administrator" user for your system and some regular users. The concept is pretty similar on Linux. The
root user can do pretty much anything on the system – install programs, create or remove users, manage files for the entire system, start and stop services, and so on.
Regular users, on the other hand, have permission to start some programs, manipulate files that they own, manage their own processes, and so forth. However, they can't, for example, create a new user or start and stop system processes that they don't own. (I'll talk about "owning" things a bit later.)
Some Linux distributions only set up a "regular" user and depend on the use of a utility called
sudo to let users maintain their systems. The root account still exists; it's just given a random password and the user is expected to do system management with
sudo instead of switching to root to install packages and such.
Fedora, however, allows for both. When you're installing Fedora, you're given the option of letting the new user act as an administrator, which gives the user privileges to administer the system using
What Is sudo, and How Do I Use It?
sudo command allows a user to run a command as another user. This can be a fairly broad set of privileges – such as setting up a user as Administrator – or it can be as limited as giving a user permission to execute one application as another user. Note that the user doesn't have to be root. For example, you could have the users "chuck" and "liz" and give chuck
sudo privileges to run a script as liz – just that script, and just as liz, not as root.
The most common use case on Fedora being run as a desktop, however, is to employ
sudo to run administrator commands instead of switching to root. For example, the command
$ sudo yum update
tells the system "I'd like to run
yum update as root and then return to my normal user privileges."
For the most part, you never actually have to touch the terminal to make use of administrator privileges. Instead, Fedora has several utilities that will give you the option of authenticating with your password to manage your system and then return to normal user privileges. I'll start with working with users.
Buy this article as PDF
VMware bids for a stake in the container industry with a bold effort to integrate containers with its classic virtualization system.
3ROS attack tool lowers the technical bar so anyone can be an intruder.
Mozilla's latest browser offers powerful new privacy feature
If attackers are on your system, saving your passwords in a password vault is no protection.
Faulty hash algorithm persists, despite efforts by experts to raise awareness.
Powerful man-in-the-middle attack is now targeting online shopping.
Another high-profile coder says the kernel team needs a kinder, gentler culture.
Bug database has a bug of its own that could allow an intruder to create an unauthorized account.
Report focuses federal resources on achieving universal Internet access.
Leading browser makers say “no” to porous encryption algorithm