Deutsch English Français Italiano |
<vanqhj$3iqp2$1@dont-email.me> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!weretis.net!feeder8.news.weretis.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail From: Bobbie Sellers <blissInSanFrancisco@mouse-potato.com> Newsgroups: comp.os.linux.misc Subject: Re: privileged user in RedHat Date: Wed, 28 Aug 2024 11:33:23 -0700 Organization: none at all Lines: 65 Message-ID: <vanqhj$3iqp2$1@dont-email.me> References: <20240828082101.617dadf2@dorfdsl.de> <u82cnVISw_fySlP7nZ2dnZfqnPSdnZ2d@earthlink.com> <20240828120114.258c0432@dorfdsl.de> Reply-To: blissInSanFrancisco@mouse-potato.com MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Injection-Date: Wed, 28 Aug 2024 20:33:24 +0200 (CEST) Injection-Info: dont-email.me; posting-host="a37d359fd7dde28897fd3db559c09b3f"; logging-data="3762978"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+6LQuqzrZbgXq+02i3FKdQ" User-Agent: Betterbird (Linux) Cancel-Lock: sha1:6GB3GnsGp9BbdSPFo2P5BHxfvpY= Content-Language: en-US In-Reply-To: <20240828120114.258c0432@dorfdsl.de> Bytes: 3586 On 8/28/24 03:01, Marco Moock wrote: > On Wed, 28 Aug 2024 03:53:18 -0400 "186282@ud0s4.net" > <186283@ud0s4.net> wrote: > >> On 8/28/24 2:21 AM, Marco Moock wrote: >>> Hello! >>> >>> Is there any definition for the word "privileged user" in the Linux >>> (especially RedHat) environment? >> >> User 'root' is the only, initially, "privileged user". But root can assign other users certain privileges. For example I am root on my system but I have assigned myself certain administrative privilegs so that for example I can do updates with my user password. In Multiple user systems user may be allowed the use of certain tools to maintain their own accounts. > > > Ok, but what does privileged then mean in the RHEL/ROCP environment? > > I know that stuff like sudo exists, but I'm mostly asking about the > term. > >> (note that 'sudo' kinda breaks this security measure, so >> research and set it CAREFULLY). You do NOT have to use >> 'visudo' ... but then it's on YOU to get it 100% right. >> Anything 'vi' I tend to REMOVE because I find line-editors >> SO offensive these days. > > I love vim, but this is irrelevant here. :-) > >>> I am currently learning RedHat OpenShift and the courses include a >>> question where the answer is that 2 containers run with UID 27 are >>> called privileged. (DO190 ch03s08 if you have access). >>> >>> I am aware that it is common that normal (real people) users start >>> with 1000 ongoing, server process users are below. Is there a >>> difference on the IDs or is that just tradition? >> >> It is "tradition" now to set the first 'regular' user >> to ID 1000, group 1000. Not all 'unix-like' systems >> may obey the same traditions, but Linux distros kinda >> all go that way. >> >> The SYSTEM doesn't really care about the ID numbers. > > Aren't there some applications/scripts that check those IDs? > IIRC in Debian some bash environment/profile stuff checks the UID to > set environment variables different for root. > >> Oh, Raspberry Pi's ... 'sudo' often requires NO >> password. NOT great. > > IIRC this is related to the OS installed on it. I run them with Debian > and Debian asks the user PW when using sudo by default, but this can be > easily changed in sudoers. > bliss -- b l i s s - S F 4 e v e r at D S L E x t r e m e dot com