Hi, I’ve been fiddling with PopOS the past year on an old laptop and I like it. I’m getting ready to convert my Windows 10 desktop to Pop and leave Windows behind entirely; before I do, I want to be sure I understand a few security concepts.
I’ve read suggestions that say don’t run as root, create a separate user account and only use root when necessary. Do you give that user account sudo privileges? If so, is that any different from just being root?
Also I’ve installed the ufw firewall but left it with default settings. Is that something I need to look into more?
Thanks in advance!
If so, is that any different from just being root?
In security terms it’s slightly different, in that if an attacker gains access to your account they would have to do a small amount of trivial work to gain root. But yeah it makes no real difference to security. Cargo cultists would object to this but they don’t know what they’re talking about:
- https://xkcd.com/1200/
- Local privilege escalation bugs are very common in Linux.
- You don’t even need that - it’s trivial to MitM `sudo`.
I think the real reason to use a normal user account and give it sudo privileges is that it prevents you from accidentally hosing your system. You can’t accidentally `rm -rf /`. Another reason you might not want to do it is that a fair amount of software will get pissy with you if you run it as root and tell you not to.
Thanks, this is very clear.
First off, `sudo` stands for “super user do”, i.e. “do something as the super user”. The super user is root. `sudo --shell` starts a shell with super user / root privileges. `sudo someCommand` runs `someCommand` with super user privileges.

In Windows, for a really long time, your user had admin rights. When Windows Vista came along, Microsoft had finally understood that that was a pretty bad idea and copied Linux (or Unix? whatever). That popup you get when installing stuff asking you for admin access? That’s a form of `sudo someCommand` with an interface built on top. You’ll get to see that in Linux desktop environments too, for example when you want to install new packages or update your system.

The reason why it’s a bad idea to always have admin access without a password is that if you are ever infected or you forget to lock your computer, somebody can’t just install something at system level. It’s a small hurdle, but every little bit counts. It also allows you to separate users between those that do have the right to log in as the root user and those that don’t.
Users without super user access are quite common as an additional form of security because if they are infested, or a process being run by them is, then it’s more difficult for them to infect other users. For example, if you have a user called `chatserver` that runs the `ircd` (IRC daemon) process, and your daemon (aka service) is hacked, the most damage they should be able to do is extract the data the `chatserver` user has access to. They won’t be able to access your user data as it’s stored in `/home/yourusername`, which can only be accessed by the `yourusername` user and the `yourusername` group (plus of course `root`).

It’s not a 100% fault-proof system, but it’s better than stepping into your house and having access to the master bedroom and your safe without having the key to it.
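The isolation described in that post only holds if each home directory actually denies access to other accounts. The following script is an added example (not from this thread or from Pop!_OS) that audits a directory of homes for entries reachable by "other" users and tightens them to 0700; the directory is a parameter, and the script builds a constructed sample tree (the `yourusername` and `chatserver` names are taken from the post, the tree itself is made up) so it can be run without root.

```shell
#!/bin/sh
# Added example: check that per-user homes are private, as the post describes.
# The base directory is a parameter so this can run against a constructed tree
# instead of the real /home.

# Print, one per line, the names of subdirectories of $1 whose permission bits
# grant anything (r, w or x) to "other". Such a home can be read or traversed
# by every other local account, including a compromised service user such as
# `chatserver`. Uses the "other" columns of `ls -ld` (chars 8-10), which is
# portable across GNU and BSD userlands.
homes_open_to_others() {
    for d in "$1"/*/; do
        d=${d%/}
        others=$(ls -ld "$d" | cut -c8-10)
        [ "$others" != "---" ] && basename "$d"
    done | sort
}

# Tighten every home under $1 to 0700 so only its owner (and root) can enter.
restrict_homes() {
    for d in "$1"/*/; do
        chmod 700 "${d%/}"
    done
}

# Build a constructed tree mimicking /home, with one private and one loose
# home, and print its path. This is sample data, not a real system's layout.
make_sample_homes() {
    tmp=$(mktemp -d)
    mkdir "$tmp/yourusername" "$tmp/chatserver"
    chmod 700 "$tmp/yourusername"   # already private
    chmod 755 "$tmp/chatserver"     # world-traversable, a common default
    printf '%s\n' "$tmp"
}

sample=$(make_sample_homes)
echo "homes readable by other users: $(homes_open_to_others "$sample" | tr '\n' ' ')"
restrict_homes "$sample"
echo "after restrict_homes: $(homes_open_to_others "$sample" | tr '\n' ' ')"
rm -rf "$sample"
```

On a real host, run `homes_open_to_others /home` first and review the list before calling `restrict_homes`, since some setups deliberately share a home (for example a web root) and chmod 700 would break them.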
It’s actually “switch user” or “substitute user” do. By default, the user is root.
Thank you for the clear explanation!
Single user on a single (physical, local) host, best security practices:
Have root user.
Have an administrative account that has sudo privs
Have a daily driver with no excessive privs.
Set `PermitRootLogin no` in your ssh config to be extra.
Only use your administrative account to use sudo, only when you need it.
This is a bit over extra, but is slightly favorable from a security standpoint, opposed to simply using that admin account as your daily driver, like everyone reading this does.
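To check that a machine actually matches the layout in that list (one admin account with sudo, a daily driver without, root SSH login off), here is an added shell script that is not from the thread or from Pop!_OS. It assumes a Debian/Ubuntu-derived system where sudo rights come from membership in the `sudo` group and where sshd includes `/etc/ssh/sshd_config.d/*.conf` before the main config (the drop-in file name `10-no-root-login.conf` and the account names `admin` and `daily` are assumptions). File paths are parameters so the checks can be run against constructed copies of `/etc/group` and `sshd_config`.

```shell
#!/bin/sh
# Added example: audit the three-account layout (root, sudo-capable admin,
# unprivileged daily driver) plus PermitRootLogin. Paths are parameters so the
# functions can be exercised on constructed files without touching the host.

# List members of group $2 as recorded in the group file $1 (/etc/group format),
# one per line. For $2 = sudo this is every account that can become root.
group_members() {
    awk -F: -v g="$2" '$1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }' "$1" | sort
}

# Members of the sudo group other than the single administrative account $2.
# Anything printed here effectively has root; the daily driver must not appear.
unexpected_sudoers() {
    group_members "$1" sudo | grep -vx -- "$2" || true
}

# Effective PermitRootLogin value in sshd config $1. sshd honours the first
# uncommented occurrence; prints "unset" when the file is missing or silent
# (OpenSSH then defaults to prohibit-password, which is not the same as "no").
permit_root_login_value() {
    [ -r "$1" ] || { echo unset; return; }
    v=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1")
    echo "${v:-unset}"
}

# Drop-in that disables root SSH logins. Intended for
# /etc/ssh/sshd_config.d/10-no-root-login.conf (assumed name), followed by a
# reload of sshd; printed here so the script itself needs no privileges.
render_sshd_dropin() {
    printf 'PermitRootLogin no\n'
}

# Create the admin (sudo) and daily (unprivileged) accounts. Refuses to run
# unless invoked as root, so a casual run of the script changes nothing.
create_accounts() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "create_accounts: run as root" >&2
        return 1
    fi
    useradd -m -s /bin/bash admin && usermod -aG sudo admin
    useradd -m -s /bin/bash daily
}

echo "accounts with sudo: $(group_members /etc/group sudo | tr '\n' ' ')"
echo "unexpected sudoers besides admin: $(unexpected_sudoers /etc/group admin | tr '\n' ' ')"
echo "PermitRootLogin: $(permit_root_login_value /etc/ssh/sshd_config)"
echo "drop-in content: $(render_sshd_dropin)"
```

Run it after `create_accounts` (as root) and after writing the drop-in: the second line should be empty and the third should read `no`. Distributions that use `wheel` instead of `sudo`, or that have no `Include` line, need the group name and the config path adjusted.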
Don’t lie. We all do it.
Root is more powerful only in that the system will not check for its permissions to do anything. Your user with sudo still gets its permission checked, you can just bypass that check. It’s not fundamentally different in an end-result sense.
The reason I suggest the three user approach above is because your daily driver will make the most noise that interests an attacker (provided you’re keeping your applications and services updated and properly config’d) on your machine. And if that user has no real privileges, womp womp, sucks to suck, hackerman. But if the user has sudo, they basically got root.
This is also why you don’t run as root.
As for your firewall? Short answer: yes.
Only problem with this is that I feel like I’m constantly using sudo, but maybe that’s just me.
That’s why so many people daily drive an admin account.