Every action performed on a Linux system occurs within a security context.
Some actions require little trust:
- Reading public files
- Viewing system information
- Executing personal scripts
Other actions require significant trust:
- Installing software
- Creating users
- Modifying services
- Reading sensitive files
- Changing system configuration
Linux controls this through privileges.
Privileges determine what an identity is permitted to do.
What Is a Privilege?
A privilege is the authority to perform a specific action.
Examples:
| Action | Privilege Required |
|---|---|
| Read own files | Usually no elevation |
| Read another user's files | Depends on permissions |
| Install packages | Usually elevated |
| Modify other users' services | Usually elevated |
| Create users | Elevated |
| Reboot system | Elevated |
Privileges determine what actions are possible.
Permissions determine which resources are accessible.
The two concepts are closely related but not identical.
The Principle of Least Privilege
Linux follows a simple security principle:
Give only the access required to perform a task.
Examples:
| Account | Intended Access |
|---|---|
| alice | Daily work |
| www-data | Web server |
| mysql | Database service |
| root | Administrative control |
This reduces risk when accounts are compromised.
If a web server runs as root and becomes compromised, the attacker inherits root privileges.
If it runs as a restricted account, the damage is limited.
Root
The highest-privileged account on Linux is:
root
Root possesses:
- UID 0
- Administrative control
- Ability to manage users
- Ability to manage services
- Ability to modify system configuration
- Ability to access most files
- Ability to install software
Root is often referred to as the superuser.
Root is not a permission. Root is a user account.
The privileges associated with root primarily exist because root possesses UID 0.
Linux ultimately trusts UIDs rather than usernames.
Why Root Exists
Many administrative actions require unrestricted access.
Examples:
- Installing software
- Managing services
- Creating users
- Modifying networking
- Updating the operating system
Rather than granting every user full control, Linux centralizes administrative power within root.
Becoming Root
Administrative tasks are often performed by temporarily obtaining root privileges.
Examples:
sudo bash
sudo su
sudo systemctl restart nginx
The exact mechanism depends on system configuration.
Sudo
Most administrators do not log in directly as root.
Instead, Linux commonly uses:
sudo
which stands for:
Superuser Do
Sudo allows approved users to execute commands as another user, commonly root.
Example:
sudo apt update
The command executes with elevated privileges while the user remains logged in as themselves.
However, sudo can also be used to impersonate other users as well.
Example:
sudo -u postgres bash
sudo -u www-data bash
Why Sudo Is Preferred
Direct root usage creates problems:
- Reduced accountability
- Shared administrative access
- Difficulty auditing activity
Sudo provides:
- Auditing
- Controlled privilege assignment
- Reduced root usage
- Better accountability
Many enterprise environments prefer sudo over direct root access.
Sudo Configuration
Sudo behavior is typically controlled through:
/etc/sudoers
and
/etc/sudoers.d/
These files determine:
- Who may use sudo
- Which commands may be executed
- Which users may be impersonated
SUID
Linux provides a special permission known as:
SUID
(Set User ID)
When applied to an executable, the program executes using the owner's privileges rather than the caller's privileges.
Example:
-rwsr-xr-x
Notice:
s
replacing:
x
in the owner's execute position.
Why SUID Exists
Some programs require elevated access to perform specific tasks.
A common example is:
passwd
A normal user may change their password.
However, password information is stored in protected files.
SUID allows the program to perform the necessary privileged operations without granting the user full root access.
Security Implications of SUID
Misconfigured SUID programs can create privilege escalation opportunities.
Questions Operators commonly ask:
- Which SUID binaries exist?
- Are they expected?
- Are they vulnerable?
- Can they be abused?
Many Linux privilege escalation techniques involve SUID binaries.
Capabilities
Historically, Linux privileges were largely binary:
| State | Meaning |
|---|---|
| Root | Full privileges |
| Non-root | Restricted privileges |
Capabilities provide a more granular approach.
Instead of granting all privileges, specific privileges may be assigned.
Examples:
| Capability | Purpose |
|---|---|
| CAP_NET_BIND_SERVICE | Bind to privileged ports |
| CAP_NET_ADMIN | Network administration |
| CAP_SYS_ADMIN | Broad administrative capabilities |
Capabilities help reduce the need for full root access.
Why Capabilities Matter
Without capabilities:
Need privileged operation
→ Run as root
With capabilities:
Need privileged operation
→ Grant only the required capability
This improves security by reducing excessive privilege.
Privilege Escalation
Privilege escalation occurs when a user gains privileges beyond those originally granted.
Examples:
| Starting Context | Escalated Context |
|---|---|
| alice | root |
| www-data | root |
| mysql | root |
Privilege escalation may result from:
- Misconfigurations
- Vulnerable software
- Weak permissions
- Dangerous SUID binaries
- Excessive sudo rights
Operator Perspective
When approaching an unfamiliar Linux system, Operators commonly ask:
Root
- Is root accessible?
- Is direct root login allowed?
Sudo
- Who can use sudo?
- What commands are permitted?
- Is sudo usable without a password?
SUID
- Which SUID binaries exist?
- Are any unusual or custom?
Capabilities
- What capabilities are assigned?
- Are they excessive?
Services
- Which users run services?
- Do services run as root unnecessarily?
Understanding privileges often determines whether an Operator can move from initial access to full system control.
Key Takeaways
- Privileges determine what actions may be performed.
- Root is the highest-privileged account on Linux.
- Root is identified by UID 0.
- Sudo allows controlled privilege elevation.
- Sudo configuration is typically stored in
/etc/sudoers. - SUID allows executables to run using the owner's privileges.
- Capabilities provide granular privilege assignment.
- Least privilege is a core security principle.
- Misconfigured privileges frequently lead to privilege escalation.
- Understanding privileges is essential for both defenders and attackers.
The next lesson explores how Linux systems communicate with one another through networking.