separate standard account in Ubuntu

Discussion in 'all things UNIX' started by sukarof, Sep 26, 2019.

  1. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,868
    Location:
    Stockholm Sweden
    Are there any security benefits to creating a standard account in Ubuntu instead of using the account created during installation?
    I mean, when you install Ubuntu you create one account. In that account you can do system related stuff with the account password.
    If I from that account create a standard account and log in, then I have to use the first account password to do system related stuff. That is the only difference, right? Or are there any benefits?
     
  2. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,736
    No, I think there is no benefit unless someone else uses your computer as well and you don't want that person to be able to acquire root permissions via sudo.
     
  3. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,785
    I guess you come from Windows recently. What you're using is already a standard account, tho it's not a common word in the Linux world. The reason you can do system related stuff is your account belongs to the sudo group (similar to the Administrator group on Windows), and while you can add a user who does not belong to the group via usermod, it's debatable if it increases your security as long as you set a strong password. One reason it increases security on Windows is that UAC doesn't work as a security boundary, but sudo does.

    Linux in general offers a much better solution. E.g. AppArmor built into Ubuntu by default offers RBAC & MLS which gives far better security than simple account separation, yet the documents are outdated and these are definitely not for Linux beginners. I personally recommend starting by playing w/ AppArmor profiles (you first need to install apparmor-utils & apparmor-profiles), as it's not far distant from configuring HIPS on Windows and a very good starting point to understand Linux security architecture.
     
  4. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,868
    Location:
    Stockholm Sweden
    Thank you very much Yuki2718 for the explanation. I am familiar with HIPS in Windows so I will look into AppArmor.
     
  5. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,785
    @sukarof
    Having thought twice after seeing that news, I now think your worry was right (it's a matter of Ubuntu, so does not necessarily apply to other distros).

    Ubuntu (and probably most of its folks) allows everything for sudo, and it displays "authentication required" dialogue in some contexts, however, unlike Windows it is spoofable. Tho gksu was deprecated on Ubuntu, the situation is basically the same and there seem to be other methods too. As noted in the answers, Linux is meant to be used through CUI (terminal) and sudo is not meant to do everything. So if malware is already running, it can sniff your password, and then it can do everything!

    While RBAC is the best solution, I think account separation works as an easier option. Create a standard account if you use GUI, or run adduser w/ a username. Then use this account for all chores except for e.g. privileged install, update, system config, etc. When you need these tasks, switch your account. It's also possible to edit sudoers to e.g. only allow apt update & apt install for that user, or to require root password (not set by default) instead of current user's. The former will be convenient, but don't allow too many. The latter won't stop sniffing so whether it's worth doing is debatable.
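
The sudoers restriction suggested in the post above, as an added example that is not part of the original thread: it generates a drop-in limited to `apt update` and `apt install` and syntax-checks it with `visudo -cf` before anything reaches `/etc/sudoers.d`. The user name `alice`, the alias name `APT_MAINT` and the target file name are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). "alice", APT_MAINT and the target
# file name below are hypothetical; adjust them to the local system.

# Print sudoers rules that let user $1 run only apt update / apt install.
sudoers_rules() {
    user=$1
    # Reject names that could smuggle extra sudoers syntax into the file.
    case $user in
        ''|*[!a-z0-9_-]*) echo "invalid user name" >&2; return 1 ;;
    esac
    # Arguments written in a rule must match what the user types, so
    # "/usr/bin/apt update" permits exactly that command line. The "*" after
    # "install" matches any arguments, options included, so this grant is
    # broad: keep the list short and treat it as convenience, not a boundary.
    printf '%s\n' \
        "# Drop-in for $user: package maintenance only" \
        "Cmnd_Alias APT_MAINT = /usr/bin/apt update, /usr/bin/apt install *" \
        "$user ALL=(root) APT_MAINT"
}

# Write the rules to a temp file and check the syntax before installing.
# A syntax error in /etc/sudoers.d can make sudo refuse to run at all.
# Prints the path of the checked file on success.
check_dropin() {
    tmp=$(mktemp) || return 1
    sudoers_rules "$1" > "$tmp" || { rm -f "$tmp"; return 1; }
    if command -v visudo >/dev/null 2>&1; then
        visudo -cf "$tmp" >/dev/null 2>&1 || { rm -f "$tmp"; return 1; }
    fi
    echo "$tmp"
}

# Typical use from the administrative account (not run here):
#   f=$(check_dropin alice) &&
#   sudo install -o root -g root -m 0440 "$f" /etc/sudoers.d/90-alice-apt
```

Keep a root shell open in a second terminal while installing the file, so a mistake can be reverted without a rescue medium.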
     
  6. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,736
    @Yuki2718 : Quite frankly, such recommendations to a user new to Linux will probably break his system, and he won't know how to resolve the problems that come from them. A lot of experience is needed to apply them. And I'm convinced that they are not necessary for the vast majority of Linux users. If you stick to the official repositories and do not execute questionable 3rd-party stuff the risk that your system will be compromised is minuscule at most.
     
  7. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,868
    Location:
    Stockholm Sweden
    @summerheat No worries for my part. I am used to breaking my system, but I of course have images of my hard drive so I can reverse whatever I break. My philosophy is that one can only learn by breaking things :) But you are right that totally new users should be careful. I am sure Ubuntu is safe out of the box if following your suggestions.
     
  8. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,623
    Location:
    Canada
    Yes, I agree with @summerheat. AppArmor can seriously cripple a system if the profiles are not a correct match for what the user has. I think some, if not many, of the standard profiles available in the repositories haven't been updated in quite some time.

    Also, building custom profiles using the aa-genprof function and subsequent scan where it's up to the user on how to create the paths and sanitation can and will cause issues if mistakes are made.
     
    Last edited: Oct 15, 2019
  9. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    9,108
    Location:
    Lloegyr
    I've been using Ubuntu 'out of the box' for years with no worries. I just keep it up to date and have some browser hardening (Firefox).
     
  10. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,785
    Linux beginner doesn't mean IT beginner, and I had no reason to doubt he can roll back his system w/ rescue CD and will start from complain mode rather than enforcing mode after enough research - yes, it's not the first time I see him.

    And it is Wilders where ppl talk about security measures, isn't it? Default profiles tend to be lax and far from comprehensive, so a past member, @Hungryman had provided custom AA profiles. I really miss him, as well as some others such as @Windows_Security (I know he is active in MT), as they're valuable ppl who can talk about internals. One reason I recommended AA is through it you'll inevitably be intimate w/ capability, one of fundamentals of Linux security.
     
  11. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,736
    I'm not against using AppArmor as the profiles that come with it by default usually don't break anything (even for a Linux newbie) because many standard applications are not confined by AppArmor. Hence, unless you write your own profiles for those applications the security benefit is not too overwhelming. Besides, it's difficult and time-consuming to write AA profiles for all potential malware gateways. Applying Firejail makes much more sense as it provides profiles for several hundred applications with the effect that most of your desktop programs will be sandboxed.

    And if it comes to sniffing your password, those examples mentioned in your links presume that your system is already compromised. IMO, that's unlikely if you stick with the official repositories (and sandboxing your applications with Firejail makes that even more improbable). Hence, editing sudoers is a recipe for breakage for most users, IMO.
     
  12. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    929
    Location:
    Member state of European Union
    I wouldn't describe GNU/Linux as meant to be used through terminal, but the usual security model of distributions is based on prevention of infection and not on containing malicious programs. This model does not assume every user program is potentially harmful, instead it assumes all installed programs are trusted. It is a common security model on the desktop. I would say Windows in fact has the same security model by default (without non-default configuration and/or 3rd party security programs).
    This spoofing/sniffing is possible by X11 protocol design. Wayland is slowly (really slowly), but steadily replacing X11.
     