Objective 1: Perform Security Administration Tasks
Since everything in Linux is a file, filesystem-level security is a core concept that must be understood and implemented properly. The standard Unix security model (which most Linux filesystems adopt) is a relatively simple permissions-based model, but it is sufficient for most permission needs. For details of the Unix permissions-based security model, refer to the section Changing access modes.
When a user executes a program in Linux, that program is spawned as a subprocess (or subshell) of the user’s current shell. This subprocess is known as a child process, and is defined in depth in the section Objective 5: Create, Monitor, and Kill Processes. From a security standpoint, the important thing to remember about child processes is that they inherit the security context of the parent process. So if the user adam executes a program, that program will have access to the same files and directories that the user adam normally has (no more, and no less).
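The inheritance rule above can be checked directly. The following is an added example, not part of the original text: it compares the UID, GID and group lines of the current shell with those of a child process, and the read/write/execute access each is granted on a few constructed sample files. It assumes Linux with /proc mounted; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (Linux-only: reads /proc). Function names are hypothetical.

# Print the Uid, Gid and Groups lines of process $1 using shell builtins only.
creds_of() {
    while IFS= read -r line; do
        case $line in
            Uid:*|Gid:*|Groups:*) printf '%s\n' "$line" ;;
        esac
    done < "/proc/$1/status"
}

# Start a child process, read its credentials from /proc, then stop it.
child_creds() {
    sleep 30 >/dev/null &
    pid=$!
    creds_of "$pid"
    kill "$pid" 2>/dev/null
    wait "$pid" 2>/dev/null || true
}

# Loop run unchanged in this shell (eval) and in a child (sh -c): prints the
# r/w/x access the running process is granted on each path argument.
ACCESS_MAP='for p in "$@"; do r=-; w=-; x=-
    [ -r "$p" ] && r=r; [ -w "$p" ] && w=w; [ -x "$p" ] && x=x
    printf "%s%s%s %s\n" "$r" "$w" "$x" "$p"; done'
access_here()     { eval "$ACCESS_MAP"; }
access_in_child() { sh -c "$ACCESS_MAP" sh "$@"; }

# Constructed sample files: one owner-only, one with every permission bit cleared.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
: > "$tmp/private"; chmod 600 "$tmp/private"
: > "$tmp/locked";  chmod 000 "$tmp/locked"

echo "parent (PID $$):"
creds_of $$
access_here "$tmp/private" "$tmp/locked" /etc/passwd /etc/shadow
echo "child:"
child_creds
access_in_child "$tmp/private" "$tmp/locked" /etc/passwd /etc/shadow
```

Run as a regular user and again as root: the absolute access flags change, but the parent and child columns always match.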
However, this is not always a desirable situation. One of the criticisms of the standard Linux security model is that it is not fine-grained enough, i.e., you’re either a regular user with few or no privileges, or you are the superuser (root) with all privileges. Often, we want the ability to elevate certain users to superuser status for short periods of time, or to execute certain commands, or we want certain commands themselves to execute with elevated privileges, ...