| Deutsch English Français Italiano |
|
<slrnvcu982.5ir9.rotflol2@geidiprime.bvh> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail From: Borax Man <rotflol2@hotmail.com> Newsgroups: comp.os.linux.misc Subject: Re: privileged user in RedHat Date: Wed, 28 Aug 2024 13:24:18 -0000 (UTC) Organization: A noiseless patient Spider Lines: 64 Message-ID: <slrnvcu982.5ir9.rotflol2@geidiprime.bvh> References: <20240828082101.617dadf2@dorfdsl.de> <u82cnVISw_fySlP7nZ2dnZfqnPSdnZ2d@earthlink.com> <20240828120114.258c0432@dorfdsl.de> Injection-Date: Wed, 28 Aug 2024 15:24:19 +0200 (CEST) Injection-Info: dont-email.me; posting-host="21ff1adde3c9ae0e6abc71877fbb16f8"; logging-data="3669770"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/z/PbMCCrgdOsKl8CKrf88Pjg8BONOvhM=" User-Agent: slrn/1.0.3 (Linux) Cancel-Lock: sha1:B0ZO9arcUY9T/DhansvAFgzt0+Y= Bytes: 3553 On 2024-08-28, Marco Moock <mm+usenet-es@dorfdsl.de> wrote: > On Wed, 28 Aug 2024 03:53:18 -0400 "186282@ud0s4.net" ><186283@ud0s4.net> wrote: > >> On 8/28/24 2:21 AM, Marco Moock wrote: >> > Hello! >> > >> > Is there any definition for the word "privileged user" in the Linux >> > (especially RedHat) environment? >> >> User 'root' is the only, initially, "privileged user". > > > Ok, but what does privileged then mean in the RHEL/ROCP environment? > > I know that stuff like sudo exists, but I'm mostly asking about the > term. > >> (note that 'sudo' kinda breaks this security measure, so >> research and set it CAREFULLY). You do NOT have to use >> 'visudo' ... but then it's on YOU to get it 100% right. >> Anything 'vi' I tend to REMOVE because I find line-editors >> SO offensive these days. > > I love vim, but this is irrelevant here. :-) > >> > I am currently learning RedHat OpenShift and the courses include a >> > question where the answer is that 2 containers run with UID 27 are >> > called privileged. (DO190 ch03s08 if you have access). >> > >> > I am aware that it is common that normal (real people) users start >> > with 1000 ongoing, server process users are below. Is there a >> > difference on the IDs or is that just tradition? >> >> It is "tradition" now to set the first 'regular' user >> to ID 1000, group 1000. Not all 'unix-like' systems >> may obey the same traditions, but Linux distros kinda >> all go that way. >> >> The SYSTEM doesn't really care about the ID numbers. > > Aren't there some applications/scripts that check those IDs? > IIRC in Debian some bash environment/profile stuff checks the UID to > set environment variables different for root. > >> Oh, Raspberry Pi's ... 'sudo' often requires NO >> password. NOT great. > > IIRC this is related to the OS installed on it. I run them with Debian > and Debian asks the user PW when using sudo by default, but this can be > easily changed in sudoers. > There is nothing special about the different UID's, apart from the root user. ID's start at 1000 so they don't overlap with ID's which may be used for system processes and the like. When I started using Linux, they typically started at 500. What you are referring to, is specifically a RedHat OpenShift thing, presumably permissions and restrictions that the containerised environment adds. In this case, this is RedHat specific, rather than Linux per-se. You'd need to research OpenShift specifically, because from what you describe, this is OpenShift technology at work.