Top 10 Linux operating system highlights

Our lives are getting more and more convenient because of the rapid development of science and technology in philadia. Nowadays, computers are becoming more and more popular. We use computers. Do we know how computers work? An operating system is essential to a computer. However, the Linux operating system has developed very rapidly and is catching up with Microsoft. This section describes the knowledge of Linux.

1. Why are we recommended not to log on with the root account?

> ROOT means system manager
> You have all permissions for operating and controlling the system.

Yes, the root permission is too high. If root causes problems, such as triggering viruses, executing Trojans, deleting files by mistake ,... and so on. It may be irreparable and fatal ~~
Therefore, do not use root to log on to the system unless you are forced to do so. When necessary, use su or sudo.

2. Why not add. to $ PATH?

Now, if you add. to $ PATH
Suppose someone put a shell script named ls under tmp.
#! /Bin/sh
/Bin/rm-rf/
Then root runs to the next ls under/tmp...
Understand what is going on at the meeting ~

3. Why is it best to use absolute path to execute commands with root?

This is similar to the previous one.
Assume that your $ PATH is like this.
/Bin:/usr/bin :....
Put the command you want to execute in/usr/bin
If someone tries to put the command with the same name in/bin
Which command did you run ?...

A friend answered the last two questions. The answer is very good. Please refer to it.

Add:
Because the shell script may be executed by the root user, the PATH variable is usually redefined to limit the reading range of the command,
Of course, we 'd better use the absolute path ~~ (If the command itself has become a trojan program, or has been modified, it is another matter .)

4. Why do we need to set umask?

> Control the default permissions after an archive is generated

'Effect' is to set the preset permissions, and the 'target' is to determine that the file can be executed, modified, or read only by the authorized account. For example, in the redhat system, the root umask is 022, while the common account is 002. You will find that the root account has more permissions than the umask account. When a new archive is created for the h program, the umask is adjusted.

5. Why use chown and chmod with caution?

> Chown is used to change groups and holders.
> Chmod is used to change the r w x three permissions of an archive.

If you do not use the permission accidentally, the permissions will be obtained by some people who should not have the permission. Of course, the permissions will be lost by those who should have the permission. If permission is insufficient for protection, use attribute (chattr) for further protection.

Why do we need to set file permissions on the system? Think about it ~~! We need to know:
"Permission setting is not an aim, but a means ."

6. Why not use SGID and SUIG with caution?

> It means that others use your appearance to do bad things.

To be accurate, it is mainly set for root permissions. This is often because programmers or administrators need to set the root permissions properly. It is absolutely not convenient, but the root SGID and SUID are opened. (In sendmail I mentioned later, some actions must be executed as root, so sendmail is also a favorite of intruders ~~)

Of course, the good SGID and SUID can also limit that the program can only be executed by some accounts with low permissions. You should understand why all the children that apache fork comes out of are nobody identities, right?

7. Why do we use sudo to restrict normal users to perform root actions?

> If there is no sudo
> To execute the operation, you can only perform the operation after su.
> You Need To Know the root's passwd.

Not that simple:
First, the root password should not be disclosed to too many people. Second, if a person becomes su, he can do anything with the root identity, but with sudo, You can restrict a person to do specific things with the root identity.

8. Why does ftp and telnet reject the root connection?

> Root is the most influential

Yes, it is also a common issue. The PAM, tcpwrapper, and ipfilter mechanisms are used together to restrict the running objects of services and programs. This avoids the risk of high-Permission service programs.

9. Why should I keep an eye on Security Information and fix program vulnerabilities in a timely manner?

> Because of the rapid development of Viruses
> And vulnerability discovery may occur in every today

Any program may have root permissions, such as the recent wu-ftp vulnerability, bind vulnerability, rpc vulnerability, and so on. If the vulnerability is not fixed in time, the consequences will be very dangerous. If the program vulnerabilities cannot obtain root permissions, intruders are not willing to spend a lot of time cracking. After all, they must consider the "Input/Return" ratio.

10. Why does sendmail add restricted shell later?

> I don't know.

When talking about SUID, SGID, and program vulnerabilities, we know that some programs have root permissions, and sendmail is the most popular and popular among intruders in the past, one of the reasons for cracking sendmail is that it is easy to obtain root permissions, that is, sendmail allows Yin z to call other commands, or pipe the results to shell for execution, such a shell may be a root shell, so it is very dangerous.

Later, when sendmail is compiled, it is allowed to add restricted shell. Only commands placed under (or linked to) rsh can be executed by sendmail,
To some extent, this limits the scope of sendmail activities.

Similarly, when compiling bind, people also execute it as named, and also use chroot to limit the scope of named activities, it also prevents the root permission of intruders and damages the system security.

Back to what we discussed earlier, take virus as an example: if the virus is executed by root, it can do whatever it wants; but if the virus is executed by a low-privilege identity, the impact is also limited. So why is no one happy to write viruses in linux? Or do you rarely hear a virus attack in linux? It is necessary for a virus to exert its power. In a windows system, no one (or script) executes viruses, and the results are the same.

In this case, are you willing to make great efforts to develop viruses on linux systems, and then wait for the ignorant root to execute them? The difficulty is much higher !~~ Of course, it's not that no one will develop viruses on linux. It's just that the ratio of "Input/Return" is too small to be an alternative to the willingness to invest ~~

I have learned about these Linux operating systems and hope you can learn them well.

1. Details about how to use Windows partitions in Linux
2. Complete Linux localization and easily apply Linux
3. Linux technology is getting better than NEC
4. Diverse Linux desktops
5. Red Hat announced that Enterprise Linux 6 will no longer support Cert