Merge pull request #17 from SCAR-iT-COLO/12-sanitize-chapter-5
Sanitize Chapter 5
This commit is contained in:
Ganome
GitHub
commit
8cebf78356
@ -12,17 +12,16 @@ Sudo operates on the principle of least privilege, allowing users to run specifi
|
|||||||
|
|
||||||
The basic syntax for sudo is:
|
The basic syntax for sudo is:
|
||||||
|
|
||||||
```
|
`sudo [options] command`
|
||||||
sudo [options] command
|
|
||||||
```
|
|
||||||
|
|
||||||
### Common Options
|
### Common Options
|
||||||
|
|
||||||
- `-u` username: Run the command as a user other than root
|
- `-u`: username: Run the command as a user other than root
|
||||||
- `-i:` Simulate initial login (shell)
|
- `-i`: Simulate initial login (shell)
|
||||||
- `-s:` Run the specified shell
|
- `-s`: Run the specified shell
|
||||||
- `-l:` List the allowed commands for the current user
|
- `-l`: List the allowed commands for the current user
|
||||||
- `-v:` Validate and update the user's timestamp without running a command
|
- `-v`: Validate and update the user's timestamp without running a command
|
||||||
|
- `-E`: Preserve the current "E"nvironment
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
|
|
||||||
@ -30,9 +29,7 @@ Sudo's behavior is controlled by the /etc/sudoers file. This file defines who ca
|
|||||||
|
|
||||||
>**To edit the sudoers file:**
|
>**To edit the sudoers file:**
|
||||||
|
|
||||||
```
|
`sudo visudo`
|
||||||
sudo visudo
|
|
||||||
```
|
|
||||||
|
|
||||||
## Basic sudoers File Structure
|
## Basic sudoers File Structure
|
||||||
|
|
||||||
@ -44,35 +41,25 @@ root ALL=(ALL:ALL) ALL
|
|||||||
%sudo ALL=(ALL:ALL) ALL
|
%sudo ALL=(ALL:ALL) ALL
|
||||||
|
|
||||||
# Allow specific user to run specific commands without a password
|
# Allow specific user to run specific commands without a password
|
||||||
username ALL=(ALL) NOPASSWD: /path/to/command1, /path/to/command2
|
#username ALL=(ALL) NOPASSWD: /path/to/command1, /path/to/command2 #remove comment at beginning of line
|
||||||
```
|
```
|
||||||
|
|
||||||
### Usage Examples
|
### Usage Examples
|
||||||
|
|
||||||
- Run a command as root:
|
- Run a command as root:
|
||||||
```
|
`sudo apt update`
|
||||||
sudo apt update
|
|
||||||
```
|
|
||||||
|
|
||||||
- Edit a system file:
|
- Edit a system file:
|
||||||
```
|
`sudo nano /etc/hosts`
|
||||||
sudo nano /etc/hosts
|
|
||||||
```
|
|
||||||
|
|
||||||
- Switch to root user:
|
- Switch to root user:
|
||||||
```
|
`sudo -i`
|
||||||
sudo -i
|
|
||||||
```
|
|
||||||
|
|
||||||
- Run a command as another user:
|
- Run a command as another user:
|
||||||
```
|
`sudo -u username command`
|
||||||
sudo -u username command
|
|
||||||
```
|
|
||||||
|
|
||||||
- List allowed commands:
|
- List allowed commands:
|
||||||
```
|
`sudo -l`
|
||||||
sudo -l
|
|
||||||
```
|
|
||||||
|
|
||||||
### Sudo vs. Su
|
### Sudo vs. Su
|
||||||
|
|
||||||
@ -103,8 +90,4 @@ While both sudo and su can be used to gain root privileges, sudo is generally pr
|
|||||||
|
|
||||||
- Forgotten sudo password: Boot into recovery mode to reset the password
|
- Forgotten sudo password: Boot into recovery mode to reset the password
|
||||||
|
|
||||||
- Syntax errors in sudoers: Use visudo to edit and check for errors
|
- Syntax errors in sudoers: Use visudo to edit and check for errors
|
||||||
|
|
||||||
# Conclusion
|
|
||||||
|
|
||||||
The sudo command is a powerful tool for managing privileges in Linux systems. By understanding its configuration and usage, system administrators can maintain a secure environment while still allowing users to perform necessary tasks with elevated permissions.
|
|
||||||
@ -1,4 +1,4 @@
|
|||||||
# File Permissions in Linux: A Comprehensive Guide
|
# Understanding File Permissions in Linux
|
||||||
|
|
||||||
## 1. Introduction to File Permissions
|
## 1. Introduction to File Permissions
|
||||||
|
|
||||||
@ -23,15 +23,13 @@ There are three types of users:
|
|||||||
|
|
||||||
To view file permissions, use the `ls -l` command. The output will look like this:
|
To view file permissions, use the `ls -l` command. The output will look like this:
|
||||||
|
|
||||||
```
|
`-rwxrw-r-- 1 user group 4096 Jul 22 10:00 example.txt`
|
||||||
-rwxrw-r-- 1 user group 4096 Jul 22 10:00 example.txt
|
|
||||||
```
|
|
||||||
|
|
||||||
Let's break down this information:
|
Let's break down this information:
|
||||||
- First character: File type (- for regular file, d for directory)
|
- First character: File type (- for regular file, d for directory)
|
||||||
- Next 9 characters: Permissions for owner, group, and others
|
- Next 9 characters: Permissions for owner, group, and others
|
||||||
- User and group names
|
- User name and group names
|
||||||
- File size
|
- File size in bytes
|
||||||
- Last modification date and time
|
- Last modification date and time
|
||||||
- File name
|
- File name
|
||||||
|
|
||||||
@ -66,9 +64,7 @@ The sum of these values for each user category represents the permissions:
|
|||||||
### Using chmod with Symbolic Notation
|
### Using chmod with Symbolic Notation
|
||||||
The `chmod` command is used to change file permissions. The basic syntax is:
|
The `chmod` command is used to change file permissions. The basic syntax is:
|
||||||
|
|
||||||
```
|
`chmod [who][operation][permissions] filename`
|
||||||
chmod [who][operation][permissions] filename
|
|
||||||
```
|
|
||||||
|
|
||||||
- Who: u (user/owner), g (group), o (others), a (all)
|
- Who: u (user/owner), g (group), o (others), a (all)
|
||||||
- Operation: + (add), - (remove), = (set exactly)
|
- Operation: + (add), - (remove), = (set exactly)
|
||||||
@ -144,8 +140,4 @@ Example:
|
|||||||
- Always use the principle of least privilege
|
- Always use the principle of least privilege
|
||||||
- Regularly audit file permissions
|
- Regularly audit file permissions
|
||||||
- Be cautious when using recursive permission changes
|
- Be cautious when using recursive permission changes
|
||||||
- Understand the implications of SetUID and SetGID bits
|
- Understand the implications of SetUID and SetGID bits
|
||||||
|
|
||||||
## 11. Conclusion
|
|
||||||
|
|
||||||
Understanding Linux file permissions is crucial for maintaining system security and proper access control. By mastering these concepts and commands, you can effectively manage file access and protect sensitive data on your Linux systems.
|
|
||||||
@ -29,12 +29,12 @@ In Linux, every user and group is assigned a unique numerical identifier. For us
|
|||||||
- GID 65534 (nogroup): Often used for unprivileged processes.
|
- GID 65534 (nogroup): Often used for unprivileged processes.
|
||||||
|
|
||||||
## 6. Viewing and modifying UIDs and GIDs:
|
## 6. Viewing and modifying UIDs and GIDs:
|
||||||
- View current user and group: id command
|
- View current user and group: `id $USER`
|
||||||
- View all users: cat /etc/passwd
|
- View all users: cat /etc/passwd
|
||||||
- View all groups: cat /etc/group
|
- View all groups: cat /etc/group
|
||||||
- Change a user's UID: usermod -u NEW_UID USERNAME
|
- Change a user's UID: `sudo usermod -u NEW_UID USERNAME`
|
||||||
- Change a group's GID: groupmod -g NEW_GID GROUPNAME
|
- Change a group's GID: `sudo groupmod -g NEW_GID GROUPNAME`
|
||||||
- Add a user to a group: usermod -aG GROUPNAME USERNAME
|
- Add a user to a group: `sudo usermod -aG GROUPNAME USERNAME`
|
||||||
|
|
||||||
## 7. UIDs, GIDs, and file permissions:
|
## 7. UIDs, GIDs, and file permissions:
|
||||||
- Each file and directory in Linux has an owner (UID) and a group (GID).
|
- Each file and directory in Linux has an owner (UID) and a group (GID).
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user