is ufw active for all users?

Discussion in 'all things UNIX' started by lurningcerv, Jun 4, 2014.

Thread Status:
Not open for further replies.
  1. lurningcerv

    lurningcerv Registered Member

    Joined:
    Dec 27, 2011
    Posts:
    87
    I have a dual boot W7/Ubuntu system. I have defined two users - an admin user and a standard user. On the Ubuntu side, while logged in as the admin user, I activated UFW and apparently UFW now boots when I start Ubuntu. It UFW is active, is it active for all users? I can't use "sudo ufw status" from the standard user account to check it, because the standard user is not allowed to use "sudo".
     
  2. tlu

    tlu Guest

    You should really read this. On Ubuntu, the root account is disabled by default, and your user account can get root-level privileges by using sudo. In that article it's explained how to allow other users to run sudo. I don't know why you created an "admin" account and how it is configured. Quite frankly - and no offense meant - it seems from this and your other postings that you're still rather unfamiliar with Linux but yet doing unusual things with consequences which you obviously can't oversee. I suggest that you stick with the standard configuration until you know better what you're doing.
     
  3. lurningcerv

    lurningcerv Registered Member

    Joined:
    Dec 27, 2011
    Posts:
    87
    Your answer and link had little to do with the question. In any case, my system configuration, which is a work in progress anyway, is going to continue to be what I think makes sense rather than what I or someone else thinks is "usual". Your answer also says the obvious. Of course I'm new to Linux and of course I'm doing things the consequences of which I don't understand fully. That's why I asked the question.
     
  4. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    2,161
    Location:
    in a remote land :)
    when you type "sudo" you request roots priviledges, so in terminal , you have to type your user password then you can check UFW status. on my machine it is active.
     
  5. tlu

    tlu Guest

    Actually it perfectly does. If you had read that link you would know that during Ubuntu installation a single user account is created which can use sudo (this is probably your admin account). Allowing additional users to use sudo is described in this section of that article. If you had done that you would have been able to execute "sudo ufw status" under that account and you would have seen that ufw is enabled for all users.

    You can do with your system whatever you like, of course. I just find it problematic to do unusual and most probably unnecessary things before you have made yourself familiar with the basics. I'm afraid that's a perfect recipe to run into trouble.
     
  6. lurningcerv

    lurningcerv Registered Member

    Joined:
    Dec 27, 2011
    Posts:
    87
    I am aware that a standard user can be given permission to use sudo. My standard user cannot use sudo, and I would like to keep it that way. If you give a standard user administrative privileges, it seems to me to be equivalent to making him or her an admin user. If you do that, what's the point of having standard user as a separate type of user? My take on it is that the purpose of separating the two types of users is that the standard user is enabled to use the computer, including permission to use selected software and access selected folders, without acting as root via sudo. My (admittedly inexperienced) understanding is that the inability to use sudo is what separates the two types of users.

    All the above focuses on only one part of the question, which was not intended to be the main question, which is: after ufw is enabled at start up by the admin user, whether it is active for all users. Tlu is saying that it is.

    Anyway, thank you to everyone who responded and who might respond in the future.
     
  7. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    iptables (which ufw is a frontend for) is necessarily active for all users. iptables intercepts packets before they are processed the TCP/IP stack. It's a network firewall, pretty much like the Windows 7 internal firewall (but without so much feature creep). So it must de facto run at kernel level, among the most privileged code, and affecting all users.
     
  8. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,096
    Why would you create a standard user account in Ubuntu when there is already a standard user account that is the default standard user account in Ubuntu i.e: ubuntu with the home directory path in /home/ubuntu? At most, you would just need to give the standard ubuntu account a password as it is delivered without one in order to be consistent with the standard user account you created.

    Also, why would you create an admin account for Ubuntu when there is already the standard 'admin' account in Linux (for any Linux distribution OS) known as root with the home directory path in /root for the root account?

    As you learn Linux, at some point you will learn that it is useful to be able to use the sudo command as the convenience it is rather than to ban it entirely from user accounts, and why bother since you are most likely the only user of your system (unless other members of your family have accounts).

    In either case, make sure you never browse the Internet as admin in W7 nor as root in Ubuntu.

    With regard to your root firewall activation for UFW, it protects your system (as Gillible_Jones mentioned above. The way I activate mine is with the network disabled while I run my local setup when booting from an Ubuntu USB flash drive. That way, if my router is compromised, no malware can proceed from the router to my computer before I am fully setup.

    -- Tom
     
Loading...
Thread Status:
Not open for further replies.