Certification Objective 11.01: Services and Special Users




Programs that run on Linux are all processes. When Red Hat Enterprise Linux starts on your computer, it first starts a special process known as init. The init process then starts other basic processes required for a working Linux system, including the shell, the basic user consoles, startup daemons, and more. Because it needs the authority, init runs as root; in other words, it runs with the privileges of the root user.

Interestingly enough, most other services, especially network daemons, do not run under the root user ID. This is one important way Linux protects your network security.

Suppose you have configured a system to start several network services running under the root user ID. Even if you have loaded the latest security patches, the risk is still high. If a cracker stumbles upon your system and is able to break in, he or she can quickly get root access through the service daemon.

To limit problems like this, RHEL 3 normally configures services to run under their own user accounts. If a cracker does succeed in breaking into one daemon, the damage is limited because the service is running as a normal, unprivileged user. Alternatively, some services can be run through the nobody account. Figure 11-1 shows a typical /etc/passwd file. Notice that most common network services have their own user accounts.

Figure 11-1: /etc/passwd

Exercise 11-1: Verifying that Services Have Their Own Accounts


In this exercise, you will verify that certain system and network services run with their own accounts. You should try this exercise on a system that is configured to offer various network services. At a shell prompt, issue the following command:

# ps aux --headers | less

What account is the Web server service (httpd) running under? What account is the xfs service running under?
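
The same check can be scripted. The following is an added example, not code from the book: it reads `ps aux` output and reports the account behind each named daemon, flagging any instance owned by root. The function names and the sample process list are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the book: list the account each named daemon runs
# under and flag any instance owned by root.

# service_accounts SERVICE...
# Reads `ps aux` text on stdin (USER is field 1, the command is field 11) and
# prints one "service user status" line per distinct service/owner pair.
service_accounts() {
    awk -v wanted="$*" '
        BEGIN { n = split(wanted, names, " ") }
        $1 == "USER" { next }        # header; --headers repeats it per page
        NF >= 11 {
            cmd = $11
            sub(/.*\//, "", cmd)     # /usr/sbin/httpd -> httpd
            for (i = 1; i <= n; i++)
                if (cmd == names[i])
                    seen[cmd " " $1] = 1
        }
        END {
            for (k in seen) {
                split(k, f, " ")
                print f[1], f[2], (f[2] == "root" ? "ROOT" : "ok")
            }
        }' | LC_ALL=C sort
}

# Constructed sample of `ps aux` output (not captured from a real system).
sample_ps_output() {
    cat <<'EOF'
USER       PID %CPU %MEM   VSZ  RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.1  1372  476 ?        S    10:01   0:04 init
root      1700  0.0  0.5  3508 1312 ?        S    10:02   0:00 /usr/sbin/sshd
xfs       1790  0.0  0.6  4560 1600 ?        S    10:02   0:00 xfs -droppriv -daemon
root      1822  0.0  0.9 18720 2400 ?        S    10:02   0:00 /usr/sbin/httpd
apache    1830  0.0  1.0 18760 2600 ?        S    10:02   0:00 /usr/sbin/httpd
apache    1831  0.0  1.0 18760 2600 ?        S    10:02   0:00 /usr/sbin/httpd
EOF
}

# On a live system: ps aux | service_accounts httpd xfs sshd
sample_ps_output | service_accounts httpd xfs sshd
```

In the constructed sample, httpd appears under both root and apache because the parent process starts as root to bind port 80 and hands requests to workers running as apache.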




RHCE Red Hat Certified Engineer Linux Study Guide[c] Exam (Rh302)
ISBN: 71765654
EAN: N/A
Year: 2003
Pages: 194
