Security Information and Review

Collection of security information and review

Basic User Linux Security

Author : Admin

For security reasons, Ubuntu Server disables the root user: it doesn't even have a password, so we cannot log in as root once the installation is finished. This is because root has unlimited rights, and disabling the account reduces the risk of errors caused by working with root privileges.
What about tasks that can only be run as root? On Linux in general, and especially on Ubuntu Server, these are handled with the sudo mechanism. The idea of sudo is that a task which can normally only be run by root can be assigned specifically to a user who has been given that authority. Because sudo is the basic mechanism on Ubuntu to perform tasks that are normally reserved for root, after a normal installation every administration task is performed that way. For example, the shutdown command can generally be run only by root, but we can authorize a particular user to run it with sudo. To define the commands and the users authorized to run them with sudo, we need to edit the file /etc/sudoers. We can use our favorite editor to do it, such as vi or nano, through visudo.

As you can see in the listing below, the default configuration in /etc/sudoers is rather simple.


     # /etc/sudoers
     #
     # This file MUST be edited with the 'visudo' command as root.
     #
     # See the man page for details on how to write a sudoers file.

     # Host alias specification

     # User alias specification

     # Cmnd alias specification

     # Defaults
     Defaults !lecture,tty_tickets,!fqdn

     # User privilege specification
     root ALL=(ALL) ALL

     # Members of the admin group may gain root privileges
     %admin ALL=(ALL) ALL

It's really just two lines of configuration. The first line is root ALL=(ALL) ALL, which specifies that user root has the right to run all commands from all machines. Next, we can see that the same is true for all users who belong to the user group admin. Typically, this is only the user you created during the installation of Ubuntu Server (this applies to all Linux platforms). For example, we will allow user martin to execute the command /sbin/shutdown:

 

     martin ALL=/sbin/shutdown

This line consists of three parts. In the first part, the username is entered. Instead of the name of a specific user, you can refer to groups as well, but if you do that, make sure to put a % sign before the group name. The second part (ALL in this example) refers to the name of the host where the user is logged on. Here, that host name has no limitations, but you can specify the name of a specific machine to minimize the risk of abuse by outsiders. Next, the command that this user is allowed to use (/sbin/shutdown, no options) is specified. Because no options are listed, the user is allowed to run the command with any of its options. If you want to allow the user just one option, you need to include that option in the command line. In that case, all options that do not match the pattern you have specified in sudoers are specifically denied.

Now that the sudo configuration is in place, the specified user can run his commands. To do this, the complete path of the command should be given, because the directories that typically house the root commands (/sbin, /usr/sbin) are not in the search path for normal users. So, user martin should use the following command to shut down the machine:

 

      sudo /sbin/shutdown -h now
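
The three-part rule described above can be checked with a small model. This is an added example, not part of the original post and not sudo's own parser: the function names, the host names srv1/srv2 and the PINNED rule are constructed for illustration, and aliases, wildcards and tags are not handled.

```python
import shlex

# Rules taken from the listing above.
RULES = [
    "root ALL=(ALL) ALL",
    "%admin ALL=(ALL) ALL",
    "martin ALL=/sbin/shutdown",
]
# Constructed variant: the options are written in the rule, so only "-h now" matches.
PINNED = "martin ALL=/sbin/shutdown -h now"

def parse_rule(line):
    """Split 'who host=[(runas)] cmd[, cmd]' into (who, host, [argv, ...])."""
    left, _, right = line.strip().partition("=")
    who, host = left.split()
    if right.lstrip().startswith("("):        # drop a run-as part such as (ALL)
        right = right.split(")", 1)[1]
    return who, host, [shlex.split(c) for c in right.split(",")]

def rule_allows(line, user, groups, host, argv):
    """argv is the requested command with its full path, e.g. ['/sbin/shutdown', '-h', 'now']."""
    who, rule_host, cmds = parse_rule(line)
    if who.startswith("%"):                   # first part: %group or user name
        if who[1:] not in groups:
            return False
    elif who != user:
        return False
    if rule_host not in ("ALL", host):        # second part: host
        return False
    for cmd in cmds:                          # third part: command(s)
        if cmd == ["ALL"]:
            return True
        if cmd[0] != argv[0]:
            continue
        if len(cmd) == 1:                     # no options listed: any options allowed
            return True
        if cmd[1:] == argv[1:]:               # options listed: they must match
            return True
    return False

def allowed(rules, user, groups, host, argv):
    return any(rule_allows(r, user, groups, host, argv) for r in rules)

if __name__ == "__main__":
    for args in (["-h", "now"], ["-r", "now"]):
        argv = ["/sbin/shutdown"] + args
        print(argv, "default rule:", allowed(RULES, "martin", [], "srv1", argv),
              "pinned rule:", rule_allows(PINNED, "martin", [], "srv1", argv))
```

A rule edited on a real system should still be validated with visudo, which refuses to save a file with syntax errors.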

Literature :
Ubuntu Server Administration

Categories: Linux Security