Automate safe system updates with a single script (for APT + systemd systems)

THE PROBLEM

Keeping a Linux system fully updated usually means doing several things by hand:
  • Update APT package lists
  • Upgrade installed packages
  • Remove unused dependencies and cached files
  • Update Flatpak apps (if you use Flatpak)
  • Update firmware via fwupd (if available)
  • Decide whether to reboot or shut down
None of that is hard, but it is repetitive and easy to skip steps, especially firmware updates. This script turns that whole workflow into a single, safe command.

REQUIREMENTS

This script assumes:
  • Package manager: uses APT (example: Debian, Ubuntu, Linux Mint and similar)
  • Init system: uses systemd (for systemctl reboot/poweroff)
  • Shell: bash (script uses “#!/usr/bin/env bash” and “set -euo pipefail”). You can run it with: bash script.sh
  • Privileges: your user has sudo rights
  • Optional components:
    Flatpak (optional): if not installed, Flatpak steps are skipped
    fwupd (fwupdmgr, optional): if not installed, firmware steps a...

Users, Accounts, Passwords, SU and SUDO

Users, Accounts, Passwords


/etc/passwd contains the following fields (© 2022 edX Inc. All rights reserved):

| Field Name | Details | Remarks |
|---|---|---|
| Username | User login name | Should be between 1 and 32 characters long |
| Password | User password (or the character x if the password is stored in the /etc/shadow file) in encrypted format | Is never shown in Linux when it is being typed; this stops prying eyes |
| User ID (UID) | Every user must have a user ID (UID) | UID 0 is reserved for the root user; UIDs ranging from 1-99 are reserved for other predefined accounts; UIDs ranging from 100-999 are reserved for system accounts and groups; normal users have UIDs of 1000 or greater |
| Group ID (GID) | The primary Group ID (GID); Group Identification Number stored in the /etc/group file | Is covered in detail in the chapter on Processes |
| User Info | This field is optional and allows insertion of extra information about the user such as their name | For example: Rufus T. Firefly |
| Home Directory | The absolute path location of the user's home directory | For example: /home/rtfirefly |
| Shell | The absolute location of a user's default shell | For example: /bin/bash |

There are 4 types of accounts:
  • root
  • System
  • Normal
  • Network
Granting accounts only the minimum privileges they need and removing inactive accounts is advised for security purposes. The last utility can help to identify inactive accounts.

When logged in or acting as root, the shell prompt is '#' as a warning.

| Operations that do not require root privilege | Examples of this operation |
|---|---|
| Running a network client | Sharing a file over the network |
| Using devices such as printers | Printing over the network |
| Operations on files that the user has proper permissions to access | Accessing files that you have access to or sharing data over the network |
| Running SUID-root applications | Executing programs such as passwd |

(© 2022 edX Inc. All rights reserved)

SUID (Set owner User ID upon execution) is a special file permission that gives a user temporary permission to run a program with the permissions of another user, the file's owner (which may be root).


SUDO and SU



SUDO configuration files:
  • /etc/sudoers
    A single file containing all information related to all users, and a complete guide
  • /etc/sudoers.d
    A directory containing one file per user; this approach is used more and more.
These configuration files can be edited with the visudo tool. sudo logs to /var/log/auth.log under the Debian distribution family, and to /var/log/messages and/or /var/log/secure on other distributions.


Depending on the distribution, the log files for sudo are the following:
  • /var/log/secure
  • /var/log/messages
  • /var/log/auth.log
If someone tries to execute sudo by entering the wrong password, this will be reported in a way similar to the following:
<user name> : user NOT in sudoers ; TTY=pts/4 ; PWD=/var/log ; USER=root ; COMMAND=/usr/bin/tail secure
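
An added example (not part of the original post): a small Python parser that reads sudo entries in the format shown above and counts denied attempts per user. It goes slightly beyond the entry above by also recognising sudo's "incorrect password attempts" message; the sample log lines, host name and user names are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the style of /var/log/auth.log (not real logs).
SAMPLE_LOG = """\
Dec  8 14:20:47 server1 sudo:       op : TTY=pts/6 ; PWD=/var/log ; USER=root ; COMMAND=/usr/bin/whoami
Dec  8 14:21:03 server1 sudo:    guest : user NOT in sudoers ; TTY=pts/4 ; PWD=/var/log ; USER=root ; COMMAND=/usr/bin/tail secure
Dec  8 14:22:10 server1 sudo:       op : 3 incorrect password attempts ; TTY=pts/6 ; PWD=/home/op ; USER=root ; COMMAND=/bin/bash
Dec  8 14:23:55 server1 sshd[811]: Accepted publickey for op from 192.0.2.10 port 50022 ssh2
Dec  8 14:25:31 server1 sudo:    guest : user NOT in sudoers ; TTY=pts/4 ; PWD=/home/guest ; USER=root ; COMMAND=/bin/cat /etc/shadow
"""

# "<user> : [<reason> ;] TTY=... ; PWD=... ; USER=... ; COMMAND=..."
SUDO_RE = re.compile(
    r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : (?:(?P<reason>[^;=]+?) ; )?"
    r"TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.+?) ; USER=(?P<runas>\S+) ; "
    r"COMMAND=(?P<command>.+)$"
)

def parse_sudo_line(line):
    """Return a dict of fields for a sudo log line, or None for other lines."""
    m = SUDO_RE.search(line)
    if not m:
        return None
    event = m.groupdict()
    reason = event["reason"]
    if reason is None:
        event["kind"] = "ok"              # command was allowed and run
    elif reason == "user NOT in sudoers":
        event["kind"] = "not_in_sudoers"  # caller has no sudo rights
    elif "incorrect password attempt" in reason:
        event["kind"] = "bad_password"    # caller failed authentication
    else:
        event["kind"] = "other_failure"   # any other denial reason
    return event

def failed_attempts(log_text):
    """Count denied sudo attempts per (user, kind)."""
    counts = Counter()
    for line in log_text.splitlines():
        event = parse_sudo_line(line)
        if event and event["kind"] != "ok":
            counts[(event["user"], event["kind"])] += 1
    return counts

if __name__ == "__main__":
    for (user, kind), n in sorted(failed_attempts(SAMPLE_LOG).items()):
        print(f"{user}: {kind} x{n}")
```

To run it against a real system, pass the contents of whichever of the log files listed above your distribution uses to failed_attempts().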

