When it comes to Linux, the first thing people think about is that this is an open-source operating system developed by excellent hackers around the world, which is now very widely used in the server domain, and that Android, which is based on the Linux operating system, already occupies half of the mobile terminal operating system. Also, it is easy to think that Linux systems are safe, stable, and almost non-virus-prone. But now the Linux version, almost no anti-virus software installed, but also rarely attacked by the virus. So how does the Linux operating system guarantee the security of its basic system? When it comes to operating system security, there is one word that must be mentioned, which is "control of permissions". That is, what kind of authority you have in your hand, then you can only do the work within this purview. For example, process A has write-only permissions for file B and no permissions to write and execute. Permissions are the permissions that the subject has, so what is the subject? Generally speaking, the subject refers to the process, for example, the user logged into the operating system, you can get a login shell, then the shell is called the principal, and then, for example, the user opens a nautilus to manage the folder, then this Nautilus process is also a main body. From the operating system point of view, the process of action is mainly for other processes or files to operate. For example, the user adds and deletes files through the Nautilus process. These manipulated files are called objects. Linux operating system subject to the operation of the object of a set of mechanisms, called DAC, English is called Discretionary access control, translated into autonomous access controls. In the Linux operating system, the process has uid,gid,euid,egid and other IDs. How did these IDs come from? User information from the creation of this process, in general, the current user is the root user, whose UID and GID are 0, the user-created process UID and PID in the absence of S-bit, the same as the user's UID and GID. If the process is created by an ordinary user, the UID and PID of the process are equivalent to the UID and GID of the user in the case that the program file does not have the S bit. In the security model of this Linux operating system, the DAC determines what access rights a user has to a file that is implemented in the kernel.
Linux Operating system security (i)