Linux Security Cookbook

by Daniel J. Barrett, Richard E. Silverman, Robert G. Byrnes
June 2003
Content level: Intermediate to advanced
336 pages
8h 54m
English
O'Reilly Media, Inc.
Content preview from Linux Security Cookbook

Chapter 5. Authorization Controls

Authorization means deciding what a user may or may not do on a computer: for example, reading particular files, running particular programs, or connecting to particular network ports. Typically, permission is granted based on a credential such as a password or cryptographic key.

The superuser root, with uid 0, has full control over every file, directory, port, and dust particle on the computer. Therefore, your big, security-related authorization questions are:

  • Who has root privileges on my computer?

  • How are these privileges bestowed?
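A starting point for the first question, as an added example that is not from the book: list every account whose uid is 0 in passwd-format data. The function names and the sample entries are constructed for illustration; this covers only accounts that are root by uid, not who knows the root password.

```shell
#!/bin/sh
# Added example (not from the book): find accounts that are root by uid.
# Function names and sample data are assumptions made for this illustration.

# Constructed passwd(5)-format sample so the script runs offline.
SAMPLE_PASSWD='# constructed sample, not a real system
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:backup admin:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc:x:00:100:service:/var/empty:/bin/false
broken:x:0'

# Read passwd-format lines on stdin and print each login name whose
# uid field is numerically zero. Comment lines and entries with fewer
# than seven fields are skipped rather than guessed at.
uid0_accounts() {
    awk -F: '
        /^#/ || NF < 7 { next }
        $3 ~ /^0+$/    { print $1 }   # matches "0" and also "00"
    '
}

# Same input, but report only uid-0 accounts other than "root".
# These are the entries an administrator should be able to explain.
extra_uid0() {
    uid0_accounts | grep -vx 'root' || true   # no extras is not an error
}

echo "uid 0 accounts in sample:"
printf '%s\n' "$SAMPLE_PASSWD" | uid0_accounts
echo "uid 0 accounts other than root:"
printf '%s\n' "$SAMPLE_PASSWD" | extra_uid0

# On a live system, feed the real account database instead:
#   getent passwd | extra_uid0
```
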

Most commonly, anyone knowing your root password has superuser powers, which are granted with the su command:

$ su
Password: *******
#

This technique is probably fine for a single person with one computer. But if you’re a superuser on multiple machines, or if you have several superusers, things get more complicated. What if you want to give temporary or limited root privileges to a user? What if one of your superusers goes berserk: can you revoke his root privileges without impacting other superusers? If these tasks seem inconvenient or difficult, your system might benefit from additional infrastructure for authorization.

Here are some common infrastructures and our opinions of them:

Sharing the root password

This is conceptually the simplest, but giving every superuser full access to everything is risky. Also, to revoke a rogue superuser’s access you must change the root password, which affects all other superusers. ...

Publisher Resources

ISBN: 0596003919