this post was submitted on 15 Jan 2025
13 points (100.0% liked)

linux4noobs

1488 readers
19 users here now

linux4noobs


Noob Friendly, Expert Enabling

Whether you're a seasoned pro or the noobiest of noobs, you've found the right place for Linux support and information. With a dedication to supporting free and open source software, this community aims to ensure Linux fits your needs and works for you. From troubleshooting to tutorials, practical tips, news and more, all aspects of Linux are warmly welcomed. Join a community of like-minded enthusiasts and professionals driving Linux's ongoing evolution.


Seeking Support?

Community Rules

founded 1 year ago
MODERATORS
 

Hi, I've been fiddling with PopOS the past year on an old laptop and I like it. I'm getting ready to convert my windows 10 desktop to Pop and leave windows behind entirely, before I do I want to be sure I understand a few security concepts.

I've read suggestions that say don't run as root, create a separate user account and only use root when necessary. Do you give that user account sudo privileges? If so, is that any different from just being root?

Also I've installed the ufw firewall but left it with default settings. Is that something I need to look into more?

Thanks in advance!

you are viewing a single comment's thread
view the rest of the comments
[–] onlinepersona@programming.dev 3 points 9 hours ago* (last edited 9 hours ago)

First off sudo stands for "super user do" i.e "do something as the super user". The super user is root. sudo --shell starts a shell with super user / root privileges. sudo someCommand runs someCommand with super user privileges.

In windows, for a really long time, your user had admin rights. When windows Vista came along, Microsoft had finally understood that that was a pretty bad idea and copied linux (or unix? whatever). That popup you get when installing stuff asking you for admin access? That's a form of sudo someCommand with an interface built on top. You'll get to see that in linux desktop environments too for example when you want to install new packages or update your system.

The reason why it's a bad idea to always have admin access without a password, is that if you are ever infected or you forget your computer unlock, somebody can't just install something at system level. It's a small hurdle, but every little bit counts. It also allows you to separate users between those that do have the right to login as the root user and those that don't.

Users without super user access are quite common as an additional form of security because if they are infested or a process being run by them is, then it's more difficult for them to infect other users. For example if you have a user called chatserver that runs the ircd (IRC daemon) process, if your daemon (aka service) is hacked, the most damage they should be able to do is extract the data the chatserver user has access to. They won't be able to access your userdata as it's stored in /home/yourusername, which can only be accessed by the yourusername user and the yourusername group (plus ofcourse root).

It's not a 100% fault-proof system, but it's better than stepping into your house and having access to the master bedroom and your safe without having the key to it.

Anti Commercial-AI license