As we saw in the previous post Ubuntu Security (I) - Introduction one of the pillars of the strength of GNU / Linux is its powerful user management and permissions.
- In this article we will see how to make proper use of this management, greatly enhancing security of our system, both locally and remotely.
There are several types of user accounts that provide different levels of access for use and system administration. Make sure you are always using the user account that meets your needs, an account with more permissions than needed also involves more risk than necessary. 
user with administrative permissions This is the user that is created during installation of the system is allowed to use all installed applications, save or modify content in your personal folder and may temporarily assume the duties of an administrator using the command sudo This user is indicated for daily work and management of common desktop systems. user without administrative permissions
This is the type of users that are created from
menu System - Administration - Users and groups , has permission to use any application and save or modify information in your personal folder. May not exercise administrative tasks or use the command sudo
.
.
- Creating a user
If you need to create more users to others to use your system should use these accounts. So whatever happens will not alter the configuration of the system, only your personal options.
If you need administrative permissions to these users can do so from
- menu System - Administration - Users and Groups - Advanced settings - User privileges - Manage system
-
-
Guest User
This account is present in Ubuntu and some other distributions allows access to the system with an unprivileged user, no password allows the use of most applications, but do not store or modify data or indeed to assume administrative duties. (You can save data but it will be lost when you log off.)
This account is very helpful in public access computers, demonstrations, or any situation where you want someone to use the system without changing anything.
To access this account you must do so from a user session and started by clicking the session control applet, select invited session. + Info
guest user access
. + Info
User root This is the administrative user traditionally used in all Linux distributions, but in Ubuntu has disabled this account and instead use the command sudo
-
The advantages of using sudo to root against are: minimizing the possibility of disaster careless administrative account to be active for less time, making the user more aware of what actions and which do not pose danger or used to Administrative use permits only when strictly necessary, among other reasons.
Some users are not accustomed to working in Ubuntu so insist on the activation of this account (by putting endanger the safety of the system). If this is your case, the root account activation is done with the command: sudo passwd root
This will assign a root password allowing access to the system and use its
command. Once the administrative task in question is recommended to re-disable this account with the command: sudo
passwd-l root
-
The password is the key that locks the door the privacy of each user. For this reason it is worth spending a little time to choose the password.
Criteria for choosing a password:
must be at least 6 characters
preferably containing combinations of uppercase, lowercase, symbols and numbers
must not contain any characters easily deduced by the data "visible" user ( ie type password prevents user1)
Preferably using randomly created passwords
Examples of poor username / password combinations: usuario/usuario1, root / toor, usuario/1234, user / aaaaaaaa, user / nameExamples of good passwords : ffagh61w, OP9% SSAS
If your password does not meet these requirements can easily be "cracking and" brute force program. To change the password and assign a better
Advanced settings - Privileges Users
To access this account you must do so from a user session and started by clicking the session control applet, select 
Password
is tempting
disable password to give you greater access This would be equivalent to always leave the car open so as not to open it (and with the keys!). Try to avoid the options
not ask the password again when logging
- (
- menu Users and Groups) and Sign in as a user automatically
- (menu screen access
- )
Disable automatic access to the system
Change permissions g roups
-rw-r ----- 1 dani 07/06/2010 18:24 77,951 users screenshot_001.png In this example the screenshot_001.png
file is owned by user
dani, belongs to
- users and their permissions are: reading and writing to the owner (the first rw-) reading for the rest of the group of users users ( r -
--- ). + Info
Sometimes we find we do not have permission to perform one or another action on a file (eg we can not run a downloaded file, or the publisher tells us that we can not save changes to a text file.) The solution is not to become root, the solution is to establish the correct file permissions.
To change the permissions of a file use the command chmod
if the file is not owned by us). Each type of permission is assigned a number: read = 4 write = 2, run = 1, these permissions can be added and should be reported to the owner, group and other users. Some examples: Sometimes we find we do not have permission to perform one or another action on a file (eg we can not run a downloaded file, or the publisher tells us that we can not save changes to a text file.) The solution is not to become root, the solution is to establish the correct file permissions.
To change the permissions of a file use the command chmod
(with sudo # chmod 777 file permission assigned reading (4) + write (2) + execute (1) for the owner, group and world chmod 600 #
users assigned read permission (4) + write (2) the owner, group and other users have no access
# chmod 755 all permissions for owner, read and execute the rest + info If these commands will seem too complicated you can always use the file manager to change the permissions by right-clicking on the file you want to change and choosing Properties - Permits Properties - Permissions
Another common misconception is that the file owner or group improperly allocated (ie occurs for example if you use some programs to root when it should). Again the solution is not to become root (or rather this is the source of the problem), the solution is correctly set the file owner and group.
For this, use the command chown (with sudo if the file is not your property). Its use is quite simple, with one example will suffice: sudo chown
More
sudo vs root
The guest user Nomenclature
permissions and user management groups
Related Articles
users assigned read permission (4) + write (2) the owner, group and other users have no access
# chmod 755 all permissions for owner, read and execute the rest + info If these commands will seem too complicated you can always use the file manager to change the permissions by right-clicking on the file you want to change and choosing Properties - Permits Properties - Permissions
Another common misconception is that the file owner or group improperly allocated (ie occurs for example if you use some programs to root when it should). Again the solution is not to become root (or rather this is the source of the problem), the solution is correctly set the file owner and group.
For this, use the command chown (with sudo if the file is not your property). Its use is quite simple, with one example will suffice: sudo chown
dani: dani File # assign the owner and the group dani dani the file
+ info More
sudo vs root The guest user Nomenclature
permissions and user management groups
Related Articles
- Security
0 comments:
Post a Comment