Understanding and managing security on Fedora 20

Security Basics

© Lead Image © Volodymyr Goinyk, 123RF.com


The security models for Linux differ quite a bit from what users may be used to on Windows. We'll look at what Linux has to offer, how to manage it, and how to stay safe with Linux.

Security on Linux is a big topic. Huge. Mind-bogglingly big. You could produce an entire book on the topic (and people have) and still not be comprehensive. With that in mind, I'm going to pare down the topic to a manageable size for this article and cover some of the bare basics you need to know to use and manage your desktop system effectively.

I'll touch on the basic concepts of Linux security as they apply to Fedora 20, but I won't get too far into the weeds in discussing theory or history. I'll describe using sudo to run commands and discuss when you might want to use su to become root (and I'll explain what "root" is). You'll also learn how to manage file and directory permissions, how to update your system, and how to manage the system firewall.

What I won't do is spend any more time at the command line than I absolutely must. A common complaint about Linux from new users is that they have to use the command line. Although I enjoy using command-line utilities most of the time, the command line can be confusing, and there's no good reason to use it if a GUI equivalent exists.

Security on Linux

Linux's security model is very different from what users are familiar with on Windows XP, for a number of reasons. Linux inherits many security concepts from Unix, which was designed for multiuser systems. I don't just mean a system that has more than one user account, which you can do easily under Windows XP. I mean a system that would have multiple users logged in and working at the same time. These might be users from different departments or even users from different companies who had access to the same system.

You might hear people say that "everything" is a file on Linux and Unix systems. This is a bit of an over-simplification, but virtually everything on your system is represented in some way as a file. For example, if you look under the /proc directory, you'll see a bunch of numbered directories. These represent running processes on the system. For example, /proc/1 represents the system init (systemd) process. If you look under /dev, you'll see a bunch of directories and "special" files that represent system devices.

So, a big chunk of security revolves around permitting or denying access to files on the system to the users and processes on the system. I'll spend a fair amount of time on users and on file and directory permissions.

Another big chunk of security revolves around host access, or denying host access. So I'll talk about the system firewall from the desktop perspective and how to add new firewall rules or delete rules if they conflict with services you want to use.

Root and Users

When you set up Fedora, you're prompted to create two users: the root user and a regular user. However, you don't get much information about what the difference is or why you need two accounts.

If you're coming from Windows, you may have an "Administrator" user for your system and some regular users. The concept is pretty similar on Linux. The root user can do pretty much anything on the system – install programs, create or remove users, manage files for the entire system, start and stop services, and so on.

Regular users, on the other hand, have permission to start some programs, manipulate files that they own, manage their own processes, and so forth. However, they can't, for example, create a new user or start and stop system processes that they don't own. (I'll talk about "owning" things a bit later.)

Some Linux distributions only set up a "regular" user and depend on the use of a utility called sudo to let users maintain their systems. The root account still exists; it's just given a random password and the user is expected to do system management with sudo instead of switching to root to install packages and such.

Fedora, however, allows for both. When you're installing Fedora, you're given the option of letting the new user act as an administrator, which gives the user privileges to administer the system using sudo.

What Is sudo, and How Do I Use It?

The sudo command allows a user to run a command as another user. This can be a fairly broad set of privileges – such as setting up a user as Administrator – or it can be as limited as giving a user permission to execute one application as another user. Note that the other user doesn't have to be root. For example, you could have the users "chuck" and "liz" and give chuck sudo privileges to run a script as liz – just that script, and just as liz, not as root.

The most common use case on a Fedora desktop, however, is to use sudo to run administrator commands instead of switching to root. For example, the command
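The chuck-and-liz case above, written as a sudoers rule next to the broad administrator rule. This is an added example, not part of the original article; the script path /home/liz/bin/report.sh and the drop-in file name are hypothetical.

```sudoers
# /etc/sudoers.d/chuck-report   (hypothetical drop-in file)
# Edit it with:  visudo -f /etc/sudoers.d/chuck-report

# Broad rule, shown for comparison only. Fedora's stock /etc/sudoers
# already contains it: members of the wheel group may run any command
# as any user.
#   %wheel  ALL=(ALL)  ALL

# Narrow rule: chuck may run exactly one script, only as liz.
# Format:  user  host=(run-as user)  command
# The trailing "" means the script may be run only with no arguments.
chuck  ALL=(liz)  /home/liz/bin/report.sh ""

# Checks, run as root:
#   visudo -cf /etc/sudoers.d/chuck-report   # syntax check of this file
#   sudo -l -U chuck                          # list what chuck may run
#
# chuck then runs the script with:
#   sudo -u liz /home/liz/bin/report.sh
#
# Keep the script and its directory writable only by liz or root.
# If chuck can edit the script, this rule lets him run anything as liz.
```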

$ sudo yum update

tells the system "I'd like to run yum update as root and then return to my normal user privileges."

For the most part, you never actually have to touch the terminal to make use of administrator privileges. Instead, Fedora has several utilities that will give you the option of authenticating with your password to manage your system and then return to normal user privileges. I'll start with working with users.
