Score:3

Dedicated user vs selinux


What are the advantages and disadvantages of running a process with a dedicated (non-root) user versus with SELinux (where an SE user may be bound to a Linux user)?

Score:4

Short answer: the advantage of using a dedicated SELinux user for each service is the increased security / separation of privileges it enables. On the other hand, it is an invasive change which is not applied by default on most Linux distributions.

For this reason services often run with a dedicated user account (i.e. httpd) and they are further restricted in what they can access/listen on via dedicated SELinux profiles, but without involving specific SELinux users/roles (i.e. httpd_t runs with the system-default system_u user role rather than a dedicated one). This is done to increase system security without being too invasive on how normal users work.

Long answer: the key difference is the one between Discretionary Access Control (DAC) and Mandatory Access Control (MAC).

The first (DAC) is the traditional Unix permission system, where a user can change the permissions of all files it owns. Moreover, an application is entitled to do any operation granted at the "normal user" level (for example, listening on a high TCP port). While very intuitive and reasonable, DAC itself leaves the door open to misconfiguration by the user (i.e. inadvertently giving access to a sensitive file) or malicious software (i.e. a buffer overrun which launches a shellcode opening a listening port for remote control of the target host).

Enter MAC, where only the system administrator mandates the rules of what can or cannot be done. For example the sysadmin can, via SELinux, restrict which files the user (who owns the files!) can change, or which files can have the "other" bit set. In a similar manner, an application can be barred from listening on anything other than a restricted set of ports irrespective of the default Unix permission system.

From here, it is easy to see how a specific system can be all-in on DAC or MAC. In the first case the user has total control over what it can do, bar the things traditionally restricted to root. A "plain" (read: with no selinux/apparmor/grsec/whatever) Linux system is a good example of a DAC-only setup. At the other extreme, on a MAC-only system any user can potentially be a privileged one without really having any possibility to interact with sensitive information (in such a system, only a specifically designated "true" root account can modify the MAC policies themselves).

That said, DAC and MAC are effectively orthogonal: they can be (and often are) both used at the same time to strengthen the overall system security. This is the key reasoning behind the targeted SELinux policy: as transforming Linux into a MAC-only system would be too invasive (and really unneeded for 99% of cases), Red Hat ships a policy which selectively applies more restrictive rules to the most sensitive services, leaving interactive users mostly unaffected. This is why users are, by default, assigned to the unconfined_u SELinux user, which in turn has the system_r and unconfined_r roles.
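
The DAC/MAC orthogonality described in the answer above can be checked per process by comparing its Linux user with its SELinux context. This is an added example, not part of the original answer: it classifies lines laid out like the output of `ps -eo label,user,comm`; the sample lines and the names `alice`, `customd` and `legacyd` are constructed.

```shell
#!/bin/sh
# Added example: classify processes by DAC identity (Linux user) and
# MAC identity (SELinux type). Input lines: "LABEL USER COMMAND", the
# layout of `ps -eo label,user,comm --no-headers` on an SELinux host.

classify_contexts() {
    awk '
    {
        label = $1; luser = $2; comm = $3
        # A context is user:role:type[:level]; the level may contain ":"
        # itself (s0-s0:c0.c1023), so only the first three fields are used.
        n = split(label, f, ":")
        if (n < 3) {            # "-" is printed when there is no label
            printf "%s %s - - no-label\n", comm, luser
            next
        }
        seuser = f[1]; setype = f[3]
        dac = (luser == "root") ? 0 : 1          # non-root Linux user?
        mac = (setype ~ /^unconfined_/) ? 0 : 1  # confined domain?
        if (dac && mac)      verdict = "dac+mac"
        else if (mac)        verdict = "mac-only"
        else if (dac)        verdict = "dac-only"
        else                 verdict = "neither"
        printf "%s %s %s %s %s\n", comm, luser, seuser, setype, verdict
    }'
}

# Constructed sample (not captured from a real host); "alice", "customd"
# and "legacyd" are hypothetical names.
sample_ps() {
    cat <<'EOF'
system_u:system_r:httpd_t:s0 apache httpd
system_u:system_r:sshd_t:s0-s0:c0.c1023 root sshd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 alice bash
system_u:system_r:unconfined_service_t:s0 root customd
- nobody legacyd
EOF
}

sample_ps | classify_contexts
```

On a live host the same function can be fed with `ps -eo label,user,comm --no-headers | classify_contexts`; processes reported as `neither` are restricted by neither a non-root account nor a confined domain.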

Score:1

Dedicated user:

A dedicated user is an account used exclusively for a specific purpose or service. This type of user account is generally created to provide a secure environment for a particular function or service, such as running a specific service or application.

SELinux:

SELinux (Security-Enhanced Linux) is a Linux kernel security module that provides a mechanism for supporting access control security policies, including mandatory access controls (MAC). It is designed to protect the system and its applications from malicious or accidental damage caused by users, processes, or applications. It is also intended to provide a secure environment for system administrators and users by restricting access to system resources and applications.

Advantages of Running Process with Dedicated User:

  • Increased security: By running a process with a dedicated user, you can restrict the process’s access to specific resources and limit the potential damage a compromised process can cause.
  • Improved performance: Dedicated users can help improve system performance by reducing the amount of time spent by root users on security-related tasks.
  • Simplified maintenance: Dedicated users can simplify system maintenance by providing isolated contexts for each process, allowing you to quickly identify and address any issues.

Disadvantages of Running Process with Dedicated User:

  • Increased complexity: Running a process with a dedicated user can add complexities to system administration, as you must manage the user’s permissions and privileges.
  • Limited capabilities: Dedicated users may lack the capabilities required by some processes, such as access to privileged system resources.

Advantages of Running Process with SELinux:

  • Increased security: SELinux provides a powerful access control mechanism that can be used to isolate processes and limit the potential damage of a malicious process.
  • Improved performance: SELinux can help improve system performance by limiting the amount of time spent on security-related tasks.
  • Increased flexibility: SELinux allows users to bind a SE user to a Linux user, allowing for finer-grained control over access and privileges.

Disadvantages of Running Process with SELinux:

  • Increased complexity: SELinux can be complex and difficult to configure, making system administration more difficult.
  • Limited compatibility: SELinux is not compatible with all applications, limiting its usefulness in certain contexts.