User Accounts, Access, Privileges, and Security on Linux

sphen

I wrote the following in response to a post, but decided that it was too much, so I decided to start a new thread to share the information. I hope this helps others.
I have Linux servers that are exposed on the internet. They get a lot of attention from attackers, same as most public-facing servers. They have the following user accounts:
  • Remote Connection Account - A standard unprivileged user with no files other than the public key information for remote SSH connections. This is the only account that can connect to the server (sshd_config: AllowUsers). The point here is that if someone manages to break through and connect with this account, they are at a "dead end." There are no interesting files, no privileges, and hopefully not much to attack. They must create their own privilege escalation to increase their toehold on my system. (To be honest, I would be upset anyway if they managed to get this far.)
    • Remote Connection (AllowUsers): Yes
    • Other Privileges: No
  • Working Account - A standard unprivileged user with persistent files. This is the account I use on the server for development, testing, documents, or other typical desktop-like work where I create files, build stuff, or whatever.
    • Remote Connection: No
    • Other Privileges: No
  • Admin Account - An account with "admin" privileges. This is usually created by the Linux installer. What makes this account special is that it is the only account on the sudo'ers list (visudo). I use this account for updates, software installation and maintenance, system configuration, etc. When needed, I use "sudo" or become root from here (see below).
    • Remote connection: No
    • Sudo: Yes
    • Superuser: No
  • root Account - Disabled. If I want to be root, I use "sudo su -" from the Admin account. Don't be afraid to do that if you want to be root.
  • Other Accounts - As needed. Follow the practice of "least privilege." Give them only the privileges that are essential to their correct operation, and don't just do it automatically without thinking.
Typical Operating Scenario:
  • SSH using the Remote Connection account with public key authentication (passwords are disabled).
  • Depending on the work scenario:
    • If it is working on work (documents, development, testing, whatever):
      • "su WorkAccount"
    • If it is maintaining the server (updates, upgrades, software installation, etc.)
      • "su AdminAccount"
      • Use "sudo" for commands that require superuser (root) privileges
        • Example: "sudo apt update"
      • For persistent root: "sudo su -"
        • You will be logged in as root and do not need to use "sudo".
Note: The "exit" command will log out of the account you are using and drop you back to the previous account. Enough "exit" commands and you will eventually exit the SSH session from the RemoteConnection account.

DESKTOP USERS:
I do the same thing with all desktop systems, whether Linux, Mac, Windows, or whatever. I do not usually enable remote connections on desktops, but the principle of "Least Privilege" applies:
  • Working Account - The day-to-day work happens in the unprivileged Working account.
    • I am logged into that Working account on my desktop computer now as I type this. Standard privileges only.
    • Just because it has Standard privileges, you don't "get a pass" on following good security practices.
      • Your computer can still be attacked or infected with a bad link or by opening the wrong file. The advantage of an unprivileged account is that the attacker's code must gain more privileges to embed their malware on your system. (Sorry to say this, but sometimes they manage to do it anyway.)
    • Don't be tempted to cheat. If you are in an unprivileged account and are prompted to enter the Admin password, ask yourself: "Why is this prompt appearing?" and "Am I in the right account for this activity or operation?" Most of the time, I cancel out the prompt and do it the "right way."
  • Admin Account - The Admin account is used for updates, software installation, system configuration, etc.
I hope this helps someone.

(Later: Edited for clarity.)
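
A check of the account layout described in the post above, as an added example that is not part of the original post. The account names and file contents are constructed samples; it assumes sudo rights come from the `sudo` group in /etc/group (as on Debian-family systems) and that a "disabled" root means a locked password field in /etc/shadow.

```python
# Added example: all account names and file contents are constructed samples.
SSHD = "PasswordAuthentication no\nPubkeyAuthentication yes\nAllowUsers remoteconn\n"
GROUP = "sudo:x:27:adminacct\nusers:x:100:workacct,remoteconn\n"
SHADOW = "root:!:19700:0:99999:7:::\nadminacct:$y$constructed:19700:0:99999:7:::\n"


def sshd_settings(text):
    """Return (first_values, allow_users) for the global part of sshd_config."""
    first, allow = {}, []
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":          # conditional blocks are out of scope here
            break
        if key == "allowusers":     # AllowUsers lines accumulate
            allow += value.split()
        else:                       # other keywords: first value seen wins
            first.setdefault(key, value.lower())
    return first, allow


def field(text, name, index):
    """Return colon-separated field `index` of the line whose first field is `name`."""
    for line in text.splitlines():
        cols = line.split(":")
        if cols[0] == name and len(cols) > index:
            return cols[index]
    return ""


def audit(sshd_text, group_text, shadow_text):
    """List deviations from the layout in the post; an empty list means it matches."""
    first, allow = sshd_settings(sshd_text)
    sudoers = {u for u in field(group_text, "sudo", 3).split(",") if u}
    remote = {u.split("@")[0] for u in allow}
    findings = []
    if first.get("passwordauthentication", "yes") != "no":   # sshd default is yes
        findings.append("password logins enabled")
    if first.get("pubkeyauthentication", "yes") != "yes":
        findings.append("public key logins disabled")
    if len(remote) != 1 or any(c in u for u in remote for c in "*?"):
        findings.append("AllowUsers must name exactly one account")
    if remote & sudoers:
        findings.append("remote account has sudo")
    if len(sudoers) != 1:
        findings.append("sudo group must have exactly one member")
    if not field(shadow_text, "root", 1).startswith(("!", "*")):
        findings.append("root password not locked")
    return findings
```

On a live server the same function can be fed the contents of /etc/ssh/sshd_config, /etc/group and /etc/shadow (reading the last one requires root).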
 
There is an active, ongoing thread titled "Post a screenshot of your Desktop".
https://www.linux.org/threads/post-a-screenshot-of-your-desktop.124/

I responded there, but would like to share more. I put it here so it would not get lost in the active thread.

-> The important message here is that I use the Desktop background color and the Terminal character color as an intentional reminder of which account is in use. The privileged Admin account and the unprivileged working account use different colors to distinguish between them.

DESKTOP

For the past few years, my desktops have been solid colors. I prefer medium dark colors to reduce glare and help the icons and other features stand out.

The important message is that I use the desktop background color to remind me of which account is active.
  • The Admin account desktop is solid gray.
  • The unprivileged working account desktop is solid medium/dark blue.
TERMINAL

Background:
Back in the day, everyone used DEC VT-100 terminals. They were CRTs (picture tube TVs) with fuzzy white characters on a black background. They were awful, and driving home at the end of a day spent in front of a VT-100 could be challenging for some people.

Later, they invented terminals with green letters on a black background. The claims were that the sharper, brighter, faster green phosphor was easier on the eyes, resulting in less fatigue and eyestrain at the end of a day's work. A year or two later, amber characters on black terminals appeared. The claims were that amber was even better than green. At workplaces, I was often given a choice of amber or green. Most people (including me) chose the newer amber, but some preferred green. For the terminal windows on my systems, I have tried to replicate those same colors out of nostalgia.

Like the desktop above, I use the terminal window to remind me of which account is active. I tried to match the colors that I remembered from the old CRT terminals of the past. Because amber is my favorite, I chose it for my working account, and use green for the Admin account:
  • The Admin account terminal window is green characters on a black background:
    • Black Background: #000000
    • Green Characters (also used for bold): #00FF00
    • Green Character Selection with the Mouse: #005300
  • The unprivileged working account terminal window is amber characters on a black background:
    • Black Background: #000000
    • Amber Characters (also used for bold): #FFBA32
    • Amber Character Selection with the Mouse: #7F5D19
 

