Linux Security Concepts: Difference between revisions
Jump to navigation
Jump to search
| Line 4: | Line 4: | ||
=Privileged Process= | =Privileged Process= | ||
Traditional UNIX implementations distinguish two categories of processes for the purpose of performing permission checks: privileged processes and [[#Unprivileged_Process|unprivileged processes]]. A privileged process is a process with its [[#Effective_User_ID|effective user ID]] is 0, referred to as superuser or root. Privileged processes bypass all kernel permission checks. | Traditional UNIX implementations distinguish two categories of processes for the purpose of performing permission checks: privileged processes and [[#Unprivileged_Process|unprivileged processes]]. A privileged process is a process with its [[#Effective_User_ID|effective user ID]] is 0, referred to as superuser or root. Privileged processes bypass all kernel permission checks. | ||
<font color=darkgray>TODO reconcile https://kb.novaordis.com/index.php/Docker_Security#Privileged_Container</font> | |||
=Unprivileged Process= | =Unprivileged Process= | ||
Revision as of 21:47, 1 March 2021
Internal
Privileged Process
Traditional UNIX implementations distinguish two categories of processes for the purpose of performing permission checks: privileged processes and unprivileged processes. A privileged process is a process with its effective user ID is 0, referred to as superuser or root. Privileged processes bypass all kernel permission checks.
TODO reconcile https://kb.novaordis.com/index.php/Docker_Security#Privileged_Container
Unprivileged Process
An unprivileged process is a process with a non-zero its effective user ID. Unprivileged processes are subject to full permission checking based on the process' credentials: effective UID, effective GID and supplementary group list.