Understanding and managing security on Fedora 20
The security models for Linux differ quite a bit from what users may be used to on Windows. We'll look at what Linux has to offer, how to manage it, and how to stay safe with Linux.
Security on Linux is a big topic. Huge. Mind-bogglingly big. You could produce an entire book on the topic (and people have) and still not be comprehensive. In realization of this, I'm going to pare down the topic to a manageable size for this article and cover some of the bare basics you need to know to use and manage your desktop system effectively.
I'll touch on the basic concepts of Linux security as they apply to Fedora 20, but I'll not get too far into the weeds in discussing theory or history. I'll describe using
sudo to run commands and discuss when you might want to use
su to become root (and, I'll explain what "root" is). You'll also learn about managing file and directory permissions, how to update your system, and managing the system firewall.
What I won't do is spend any more time at the command line than I absolutely must. A common complaint about Linux from new users is that they have to use the command line. Although I enjoy using command-line utilities most of the time, it can be confusing and there's no good reason for doing so if a GUI equivalent exists.
Security on Linux
Linux's security model is very different from what users are familiar with on Windows XP, for a number of reasons. Linux inherits many security concepts from Unix, which was designed for multiuser systems. I don't just mean a system that had more than one user account, which you can do easily under Windows XP. I mean a system that would have multiple users logged and working at the same time. This might be users from different departments or even users who had access to a system from different companies.
You might hear people say that "everything" is a file on Linux and Unix systems. This is a bit of an over-simplification, but virtually everything on your system is represented in some way as a file. For example, if you look under the
/proc directory, you'll see a bunch of numbered directories. These represent running processes on the system. For example,
/proc/1 represents the system init (systemd) process. If you look under
/dev, you'll see a bunch of directories and "special" files that represent system devices.
So, a big chunk of security revolves around permitting or denying access to files on the system to the users and processes on the system. I'll spend a fair amount of time on users and on file and directory permissions.
Another big chunk of security revolves around host access, or denying host access. So I'll talk about the system firewall from the desktop perspective and how to add new firewall rules or delete rules if they conflict with services you want to use.
Root and Users
When you set up Fedora, you're prompted to create two users: the root user and a regular user. However, you don't get much information about what the difference is or why you need two accounts.
If you're coming from Windows, you may have an "Administrator" user for your system and some regular users. The concept is pretty similar on Linux. The
root user can do pretty much anything on the system – install programs, create or remove users, manage files for the entire system, start and stop services, and so on.
Regular users, on the other hand, have permission to start some programs, manipulate files that they own, manage their own processes, and so forth. However, they can't, for example, create a new user or start and stop system processes that they don't own. (I'll talk about "owning" things a bit later.)
Some Linux distributions only set up a "regular" user and depend on the use of a utility called
sudo to let users maintain their systems. The root account still exists; it's just given a random password and the user is expected to do system management with
sudo instead of switching to root to install packages and such.
Fedora, however, allows for both. When you're installing Fedora, you're given the option of letting the new user act as an administrator, which gives the user privileges to administer the system using
What Is sudo, and How Do I Use It?
sudo command allows a user to run a command as another user. This can be a fairly broad set of privileges – such as setting up a user as Administrator – or it can be as limited as giving a user permission to execute one application as another user. Note that the user doesn't have to be root. For example, you could have the users "chuck" and "liz" and give chuck
sudo privileges to run a script as liz – just that script, and just as liz, not as root.
The most common use case on Fedora being run as a desktop, however, is to employ
sudo to run administrator commands instead of switching to root. For example, the command
$ sudo yum update
tells the system "I'd like to run
yum update as root and then return to my normal user privileges."
For the most part, you never actually have to touch the terminal to make use of administrator privileges. Instead, Fedora has several utilities that will give you the option of authenticating with your password to manage your system and then return to normal user privileges. I'll start with working with users.
Buy this article as PDF
A major setback for the Linux desktop.
Improved support for GPU in virtualization.
News site for the openSUSE community falls victim to a Wordpress exploit.
The source code is available online.
One out of three virtual machines on Microsoft Azure Cloud run Linux.
The form factor of the board makes it a drop-in replacement for Raspberry Pi.
Makes it easier for customers to move workloads into container-centric applications.
SUSE’s answer to container-centric operating systems.
Linux 4.9 is the biggest release in terms of number of commits.
The latest version of the official RHEL clone is here.