Linux Security Concepts: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
| Line 12: | Line 12: | ||
=Discretionary Access Control= | =Discretionary Access Control= | ||
{{External|https://wiki.archlinux.org/index.php/users_and_groups}} | {{External|https://wiki.archlinux.org/index.php/users_and_groups}} | ||
==Effective User ID== | ==Effective User ID== | ||
==Effective Group ID== | |||
=Effective Group ID= | ==Supplementary Group List== | ||
=Supplementary Group List= | |||
=Linux Capabilities= | =Linux Capabilities= | ||
{{Internal|Linux_Capabilities#Overview|Linux Capabilities}} | {{Internal|Linux_Capabilities#Overview|Linux Capabilities}} | ||
Revision as of 22:49, 1 March 2021
Internal
Privileged Process
Traditional UNIX implementations distinguish two categories of processes for the purpose of performing permission checks: privileged processes and unprivileged processes. A privileged process is a process with its effective user ID is 0, referred to as superuser or root. Privileged processes bypass all kernel permission checks.
TODO reconcile https://kb.novaordis.com/index.php/Docker_Security#Privileged_Container
Unprivileged Process
An unprivileged process is a process with a non-zero its effective user ID. Unprivileged processes are subject to full permission checking based on the process' credentials: effective UID, effective GID and supplementary group list.