this post was submitted on 19 Jul 2023
26 points (100.0% liked)

Linux

48655 readers
776 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

Hi everyone 🙂

TLDR

How do you work with debian and su permission and what's the best way to do it for better security?

  • Add an user in the sudoers?
  • Give special permissions to a group? User?
  • Always connect to su - (default root)?
  • Add users to groups?

The story is unrelated to the question, but is a direct cause

This is rookie question even though I use linux (ubuntu and recently debian) regularly and have alot of selfhosted docker containers on an old spare laptop.

While this is probably one of the basics you need to know right away when playing arround with sudo or su I wasn't aware of how you can f#ck everything up with a single command

chmod -R xxx /home/$USER

chown -R ...

Why would you do that? Because I'm stupid and how sometimes no idea what I'm doin? I was actually trying to change some permission to create a samba share (that's another story xD).

Trying to revert everything, alot of my docker containers, certificates and special files were unreadable, unexecutable... That broke my nextcloud instance, synchthing functionalities, linkding http shortcut...

With that big incident, I learned how users, root, sudo/su permission work and recently found out you can add users to groups, like docker so you don't have to 'sudo docker' everytime.

My question

How do you work with debian and su permission and what's the best way to do it for better security?

  • Add an user in the sudoers?
  • Give special permissions to a group? User?
  • Always connect to su - (default root)?
  • Add users to groups?

Because this is in a homelab environment, there is a minimal risk compared to exposed instances, but I'm interested to learn the best practice right away !

Thank you 😊

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 1 year ago (1 children)

never issue a command not related to package management with sudo or an su’d shell without trying it as a user first, and if it doesn’t work as a user, stopping and thinking about why not and what you were trying to do in the first place.

Thank you ! Because I was always using the root user for everything I also fucked-up my home directories, which really didn't looked great ! I fixed everything right now (New user, new directory/file system, everything to the correct owner...) and will only add my specific user to the needed groups. I like that workflow, because having to sudo to everything with the root user really give me security concerns ! 👍

[–] [email protected] 1 points 1 year ago

After a time, you do get a sense for what has to be done as root and what doesn't, but giving commands as the root user should be the exception, rather than the rule. The idea is to habituate yourself to using a non-root shell whenever you can.