Linux Security Concepts: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
No edit summary
Line 12: Line 12:
=Discretionary Access Control=
=Discretionary Access Control=
{{External|https://wiki.archlinux.org/index.php/users_and_groups}}
{{External|https://wiki.archlinux.org/index.php/users_and_groups}}
==Effective User ID==
==Effective User ID==
 
==Effective Group ID==
=Effective Group ID=
==Supplementary Group List==
=Supplementary Group List=
=Linux Capabilities=
=Linux Capabilities=
{{Internal|Linux_Capabilities#Overview|Linux Capabilities}}
{{Internal|Linux_Capabilities#Overview|Linux Capabilities}}

Revision as of 22:49, 1 March 2021

Internal

Privileged Process

Traditional UNIX implementations distinguish two categories of processes for the purpose of performing permission checks: privileged processes and unprivileged processes. A privileged process is a process with its effective user ID is 0, referred to as superuser or root. Privileged processes bypass all kernel permission checks.

TODO reconcile https://kb.novaordis.com/index.php/Docker_Security#Privileged_Container

Unprivileged Process

An unprivileged process is a process with a non-zero its effective user ID. Unprivileged processes are subject to full permission checking based on the process' credentials: effective UID, effective GID and supplementary group list.

Discretionary Access Control

https://wiki.archlinux.org/index.php/users_and_groups

Effective User ID

Effective Group ID

Supplementary Group List

Linux Capabilities

Linux Capabilities