LinuxQuestions.org
Old 03-30-2005, 10:35 PM   #1
veeruk101
Member
 
Registered: Mar 2005
Distribution: Ubuntu 12.04 LTS
Posts: 249

Rep: Reputation: 16
Why can't a Linux web server have only one user?


Hello,

Let's say I'm learning Linux to try to administer a web server for a website...why can my Linux system not have just one user (me) in addition to the root superuser, which would solve so many security problems, wouldn't it?

Members of the website would not have actual accounts on the Linux server and their own directories under /home, but instead their 'accounts' would just be managed through PHP and they would have directories under htdocs/ in Apache.

Perhaps as a newbie I am highly uninformed and naive, but why don't other small-to-medium scale websites use a similar approach? Wouldn't this save so much security hassle, and keep things like permissions and everything so neat, tidy, simple, and secure?

I'm very eager to know! Thanks!
 
Old 03-30-2005, 10:48 PM   #2
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,290

Rep: Reputation: 378
Think about it a minute ... suppose there are only two users on the system. Therefore, when anything at all runs, it runs with either your privileges or root's. What I'm getting at is that user accounts are a way to partition people/services off from one another. It doesn't always work so great, which is why there are enhanced security products like SELinux or GRSecurity. But the principle is sound, partition off privileges. Think of it another way: Suppose many processes are running as user "tim" (hey, that's me). Suppose one of them has a hole in it. Well then all of them can be easily compromised, since "tim" controls them all. This becomes the case when you are a web host with many customers. All of them can write PHP scripts. All those scripts run as apache ... see the problem? This is why I run PHP as a CGI with suexec so that PHP scripts run as the individual user, not the Web server.

However, you're not totally on the wrong track, though. Many Web content management systems do allow you to create users within their system and edit various parts of your Web site maintained by the CMS. But this is not terribly flexible if you want/need to give everyone complete control over their own little chunk of the server.
 
Old 03-30-2005, 11:12 PM   #3
veeruk101
Member
 
Registered: Mar 2005
Distribution: Ubuntu 12.04 LTS
Posts: 249

Original Poster
Rep: Reputation: 16
Thanks for the response.

So what about creating a user for each process that you know you will be running as a Linux web server. You, the web admin, would still be the only one who can log into each one, and each user is really just a different 'you' on the system to prevent the vulnerability you described above.

I guess my question from before could be better stated as the following: Can you run a fully-functional, effective Linux web server with every user on the system being only root or you?

Thanks.
 
Old 03-31-2005, 02:39 AM   #4
selfxplanatory
LQ Newbie
 
Registered: Mar 2005
Posts: 7

Rep: Reputation: 0
No, you can not.

Certain services and applications that are installed on your computer, by architecture of the code, are associated with a certain user account. Most of the time these user accounts have little to no rights at all over anything except the folders and files that are needed for that program to run. Since everything has an owner, it seems right to create a user that has the rights over the files it uses. So, for one program, I can create user1... he has control over all the files needed for this service and possibly NO rights for anything else. That's good enough security for most. If you, root, have control over all of these things solo, that is a recipe for disaster. The great thing about rights of these "built-in" user accounts is the limitation of scope and so they can NEVER screw up something else that they're not supposed to. With all the processes running, there is no way that you could ever see and control them all at the same time in case anything were to go wrong.

"everything has its owner, and they all own something" is a nice quote someone gave me once, even if something is "nothing" lol

try this...

cat /etc/passwd

this might give you an understanding on how all of these services need their own account.

Analogy:

a butcher prepares raw food.
a cook prepares the meal.
a baker prepares the dessert.

they all have their own function, and their own workspace, the shop, the stove, and the oven.
they know their areas and limitations very well and do their job very well.
but if you fired them all and tried to do all of it yourself before your banquet... you'd be S.O.L. my friend while you burn one hand, some farm animal is bitin off the other... ok, so that's a little off topic but you get the point

(why do I feel hungry now.... ^_^ )

Last edited by selfxplanatory; 03-31-2005 at 02:42 AM.
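
An added example, not part of any post in this thread: a shell function that sorts the accounts in a passwd-format file into superuser, service and login accounts, which is the separation the `cat /etc/passwd` suggestion above lets you see by eye. The sample entries, account names and function names are constructed for illustration.

```shell
#!/bin/sh
# SAMPLE_PASSWD is constructed sample data, not taken from a real host.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
mysql:x:110:115:MySQL Server:/nonexistent:/bin/false
toor:x:0:0:second root:/root:/bin/sh
veeru:x:1000:1000:Site admin:/home/veeru:/bin/bash'

# classify_accounts [FILE]   (defaults to /etc/passwd)
# Prints "<class> <name> uid=<uid> shell=<shell>" per account, where class is:
#   SUPERUSER - UID 0, which means full privileges whatever the name is
#   SERVICE   - shell is nologin or false, so no interactive login
#   LOGIN     - anything else (an empty shell field means the default shell)
classify_accounts() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }                       # skip comments, blanks
        NF != 7 { printf "MALFORMED line %d\n", NR; next }
        {
            if ($3 == 0) class = "SUPERUSER"
            else if ($7 ~ /\/(nologin|false)$/) class = "SERVICE"
            else class = "LOGIN"
            printf "%s %s uid=%s shell=%s\n", class, $1, $3, $7
        }' "${1:-/etc/passwd}"
}

# count_class FILE CLASS -> number of accounts in that class
count_class() {
    classify_accounts "$1" | awk -v c="$2" '$1 == c { n++ } END { print n + 0 }'
}

main() {
    tmp=$(mktemp) || exit 1
    printf '%s\n' "$SAMPLE_PASSWD" > "$tmp"
    classify_accounts "$tmp"
    # More than one UID-0 account defeats the separation the thread describes.
    echo "extra UID-0 accounts: $(( $(count_class "$tmp" SUPERUSER) - 1 ))"
    rm -f "$tmp"
}
main
```

Run against a real system by calling `classify_accounts` with no argument; on a typical web server most entries come out as SERVICE, one per daemon.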
 
Old 03-31-2005, 03:03 AM   #5
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86_64; Gentoo PPC; FreeBSD; OS X 10.9.4
Posts: 3,760
Blog Entries: 4

Rep: Reputation: 78
Thanks for that selfxplanatory,
very well put.
 
  

