I seek an understanding of elevated privileges

brent

What are the dangers of elevated privileges I hear about? I'm 2 years removed from your closed-source competitor, but I don't feel like I've ever got my head wrapped around 'when' and 'why' I need these privileges.
My habits:
su/root: permission changes only, sparingly
sudo: installs, updates, and --is that wise?. also the stuff that asks me for a PW: acct settings, print settings etc.

I've seen sudo referred to as root plenty of times but this is not true, right? Terminology-wise, sudo is elevated and root is el jefe, right? (Espanol for 'the boss').
My internet reading re: linux/sudo, is all bright and sunny about this marvelous, magical command but I've not read about bad outcomes, poor practices, vulnerabilities, etc.
I really want to get in good habits and learn how to be mindful regarding privileges.
Thanks for any/all philosophies/facts/ways of doing things.

dbarron

Sudo is an elevator that can bring you to root privileges (or any other user it's configured for). On std Linux/GNU systems, there is no difference. All it does is control access to the target userid and perhaps what commands can be ran as that user. On hardened systems there may indeed by differences, but not on your run of the mill unix. Root is Root, always..no matter how you got there.
Good practice is never do anything with a more privileged uid than absolutely necessary. You can assign rights to groups and newgrp to access those powers as well. It's all in the configuration.
Many commands in some DEs (like KDE) are designed to be run as your std userid, but then request access (via sudo) for the small portion that needs superuser access (like package installation, after the packages have been successfully downloaded to a temp folder).

brent

dbarron "that can bring you" is a perfect answer to the difference question.
I pretty much get it better.
My other is happy with W10 but can't tear herself away from my Solus. She does not need a guest account.

Solus' default, for the person creating the .iso identity, is to give that user "administration" privileges on install. That I get. That's not elevated in any way.
"Superuser" is for installs and updates. Got that.
As long as root for permissions and minimal use for the superuser then I feel good.
As long as nothing in my post stood out as reckless or unmindful, then good I hope. Thank you for that great info.
P.S.: trying to adhere to best practices here. P.S.S. again all my reading suggests how magical the privilege, not the dangers

ritalinhum

brent

ritalinhum I've seen this a million times and it doesn't get better. Don't get me wrong, I have a sesame street comprehension level, but scratching a little deeper in this query....

elfprince

brent Magical, unless you accidentally type 'sudo rm -r * bla bla". Be very careful, for this needs to happen only once! ;-)

brent

elfprince The implication being someone might get sick of something, not research it's function and dependencies, furiously types "sudo eopkg rm geotracker" and BOOM most websites broken forever and the shell and some programs...like smoking rubble.
That was me in the 2017 era🙂 . A person tires of leaving his/her OS a heap of smoking rubble and begins a new awakening...

viyoriya

brent I still remember the first time sudo command warning 😀 ...

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

 Password:

kyrios

The rules are like in the real world. Imagine you own a Swiss bank. To insure the security and confidentiality of your customers, you want to make sure your employees cannot access to whole system but only have the necessary rights to be able to perform their job, not more. This is called the least privileges concept (and also segregation of duties but that's not the main focus for your question).

Same occurs with computers, ideally a "normal" user should be able to modify only the data he owns (his personal data) or eventually some data he shares with some other users on the system. He should also be able to read some other data he doesn't own but that he needs and should not be able to access some other data at all (i.e: some system data or other users personal data). But you're not just a normal user, in some case you might also need to temporarily become administrator of your computer, for example to update the system, add or remove applications, change some system-wide settings (so not your personal user settings that apply only to you and that are stored in your home folder), to perform some backups that are not limited to your personal data, etc... In this case there is no more segregation of duties since you can do anything as an administrator and you can potentially do dangerous things that may break your system). Also running applications with administrator rights, means these applications have administrator privileges and thus could do things they shouldn't or be abused to do bad things on your system. That's why it's important to not use sudo when not necessary (look at the old windows, users were administrators by default and security was almost non existent).
For example, if you want to install or remove a program, you have to use "sudo eopkg it/rm" because it requires elevated privileges on the system (a package could delete things anywhere on the system, modify the kernel, etc.). but if you want to have details about a package "eopkg info" doesn't require any special rights since these info are publicly available to all the users of the system.
Another example is "journalctl", anyone can run this command, but it will show only the journal entries (logs) related to your or "public" processes. If you run "sudo journalctl", you'll also see other users or system processes that might eventually disclose private data or problems (wrong configuration, bugs, ...) that could potentially be exploited to do things that should not be allowed.

Last but not least, on home computing segment, sudo usually means temporary root (administrator) access, but actually sudo can be configured to allow to only perform some actions like running a specific command that requires elevated privileges but not all the commands, or to run a command without being prompted for a password, etc... This is usually used in the enterprises world and more specifically on the servers.

brent

kyrios Wow, thank you for the incredibly great answer. I can wrap my head around this philosophy.

I believe I got what I needed for good habits and mindful security. Feel free to mark SOLVED.
I really appreciate all this information. Thanks, everyone.