Chapter 3 Link to heading
System has users and groups Link to heading
Everything is a file: processes, devices, network connections and have uid/gid
root is always 0, gid 0, users starts from 1000
su != sudo
setuid and setgid Link to heading
setuid and setgid: Runs with pre-defined uid/gid instead of the runner user’s uid/gid https://www.geeksforgeeks.org/setuid-setgid-and-sticky-bits-in-linux-file-permissions/
sudo Link to heading
/etc/sudoers
sudoreplay Defaults log_output Defaults!/usr/bin/sudoreplay !log_output Defaults!/sbin/reboot !log_output visudo
Disable root account with /bin/false /bin/nonlogin on /etc/passwd
PAM Link to heading
PAM: single-signon Kerberos: network crypto auth (part of AD)
Linux capabilities Link to heading
Linux namespaces Link to heading
AppArmor (canonical), Smack, TOMOYO, Yama, SELinux Link to heading
MAC Mandatory access control Link to heading
Others Link to heading
https://www.thegeekdiary.com/understanding-the-etc-skel-directory-in-linux/ https://www.maketecheasier.com/check-sudo-history-linux/ https://www.redhat.com/sysadmin/pluggable-authentication-modules-pam https://www.vultr.com/docs/working-with-linux-capabilities/
Umask Link to heading
Umask permissions