this post was submitted on 29 Jan 2024
146 points (92.9% liked)
Technology
73094 readers
3191 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
A good start is using something like sudo rather than logging in as root.
sudo gives your command root permission when it runs. That way you can delete the password from the root account and it can’t be logged in with. sudo will ask for YOUR password and then check if you have permissions to elevate your command to root level.
In a simple setup, you can just use for anything you would normally do as root.
This can protect you from mistakes too, when running commands that you’ve mistyped. For example, if you want to do “rm -rf ./*” to delete all files in the current directory, but you forget the dot (period); if you’re at a root prompt, you just deleted your entire filesystem. If you’re not, then you get a permission error.
How do I manage what users can use sudo?
One issue is trying to create a user to run services under, but not knowing how to give it permission to access what it needs (while also not entirely sure what it should/shouldn't have permissions for).
Or just generally managing file permissions. I understand using chmod in a very basic capacity with a few letter arguments like +r, but then you toss in numbers (chmod 777, wut?) and I get lost.
In addition to what other posters said, some distros allow you to add a user to the “sudo” group (as a secondary group assignment; don’t make it their primary) to allow them sudo access.
Edit your /ect/sudoers file using visudo