Chapter 3

System has users and groups

Everything is a file (processes, devices, network connections), and each has a uid/gid

root is always uid 0, gid 0; users start from 1000

su != sudo

setuid and setgid

setuid and setgid: the program runs with a pre-defined uid/gid instead of the uid/gid of the user who runs it.

https://www.geeksforgeeks.org/setuid-setgid-and-sticky-bits-in-linux-file-permissions/
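An added example (not from the original notes) that models which effective uid/gid a native binary gets on exec and audits a directory tree for files that trigger the switch. The function names, the default caller ids of 1000 and the `/usr/bin` scan root are assumptions made for illustration; nosuid mounts and interpreter scripts, where Linux ignores the bits, are not modelled.

```python
import os
import stat

def changes_ids(mode):
    """True if exec of a file with this mode switches the effective uid or gid."""
    setuid = bool(mode & stat.S_ISUID)
    # Linux honours setgid on exec only when group-execute is also set
    setgid = bool(mode & stat.S_ISGID) and bool(mode & stat.S_IXGRP)
    return setuid or setgid

def exec_ids(mode, file_uid, file_gid, caller_uid, caller_gid):
    """Return the (euid, egid) a process gets after exec of a native binary."""
    euid, egid = caller_uid, caller_gid
    if mode & stat.S_ISUID:
        euid = file_uid                      # setuid: run as the file's owner
    if mode & stat.S_ISGID and mode & stat.S_IXGRP:
        egid = file_gid                      # setgid: run as the file's group
    return euid, egid

def audit(root, caller_uid=1000, caller_gid=1000):
    """Walk root and list regular files whose exec would switch ids."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)          # lstat: never follow symlinks
            except OSError:
                continue                     # vanished or unreadable entry
            if not stat.S_ISREG(st.st_mode) or not changes_ids(st.st_mode):
                continue
            ids = exec_ids(st.st_mode, st.st_uid, st.st_gid,
                           caller_uid, caller_gid)
            findings.append((path, stat.filemode(st.st_mode), ids))
    return sorted(findings)

if __name__ == "__main__":
    # Assumed scan root; point it at any tree you want to review.
    for path, mode, (euid, egid) in audit("/usr/bin"):
        note = "  <-- runs as root" if euid == 0 else ""
        print(f"{mode} euid={euid} egid={egid} {path}{note}")
```

Comparing the output against a known-good baseline for the distribution makes unexpected setuid-root binaries stand out.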

sudo

/etc/sudoers

sudoreplay

Defaults log_output

Defaults!/usr/bin/sudoreplay !log_output

Defaults!/sbin/reboot !log_output

visudo

Disable the root account by setting its shell to /bin/false or /sbin/nologin in /etc/passwd

PAM

PAM: single sign-on

Kerberos: network crypto auth (part of AD)

Linux capabilities

Linux namespaces

AppArmor (Canonical), Smack, TOMOYO, Yama, SELinux

MAC Mandatory access control

Others

https://www.thegeekdiary.com/understanding-the-etc-skel-directory-in-linux/

https://www.maketecheasier.com/check-sudo-history-linux/

https://www.redhat.com/sysadmin/pluggable-authentication-modules-pam

https://www.vultr.com/docs/working-with-linux-capabilities/

Umask

Umask permissions
