Re: privileged user in RedHat

On 2024-08-28, Marco Moock <mm+usenet-es@dorfdsl.de> wrote:

On Wed, 28 Aug 2024 03:53:18 -0400 "186282@ud0s4.net"
<186283@ud0s4.net> wrote:
>

On 8/28/24 2:21 AM, Marco Moock wrote:

Hello!
 
Is there any definition for the word "privileged user" in the Linux
(especially RedHat) environment? 

 
   User 'root' is the only, initially, "privileged user".

>
>
Ok, but what does privileged then mean in the RHEL/ROCP environment?
>
I know that stuff like sudo exists, but I'm mostly asking about the
term.
>

   (note that 'sudo' kinda breaks this security measure, so
   research and set it CAREFULLY). You do NOT have to use
   'visudo' ... but then it's on YOU to get it 100% right.
   Anything 'vi' I tend to REMOVE because I find line-editors
   SO offensive these days.

>
I love vim, but this is irrelevant here. :-)
>

I am currently learning RedHat OpenShift and the courses include a
question where the answer is that 2 containers run with UID 27 are
called privileged. (DO190 ch03s08 if you have access).
 
I am aware that it is common that normal (real people) users start
with 1000 ongoing, server process users are below. Is there a
difference on the IDs or is that just tradition? 

 
   It is "tradition" now to set the first 'regular' user
   to ID 1000, group 1000. Not all 'unix-like' systems
   may obey the same traditions, but Linux distros kinda
   all go that way.
 
   The SYSTEM doesn't really care about the ID numbers.

>
Aren't there some applications/scripts that check those IDs?
IIRC in Debian some bash environment/profile stuff checks the UID to
set environment variables different for root.
>

   Oh, Raspberry Pi's ... 'sudo' often requires NO
   password. NOT great.

>
IIRC this is related to the OS installed on it. I run them with Debian
and Debian asks the user PW when using sudo by default, but this can be
easily changed in sudoers.
>

There is nothing special about the different UID's, apart from the root user.

ID's start at 1000 so they don't overlap with ID's which may be used for
system processes and the like.  When I started using Linux, they typically
started at 500.

What you are referring to, is specifically a RedHat OpenShift thing,
presumably permissions and restrictions that the containerised
environment adds.  In this case, this is RedHat specific, rather than
Linux per-se.  You'd need to research OpenShift specifically, because
from what you describe, this is OpenShift technology at work.