Making a very less privelleged user accounts
Making a very less privelleged user accounts
When I started linux, I heard creating seperate user accounts for specific uses only is a good step to security in linux. I haven't tried it but after seeing concerns regarding some game launchers snooping around the os, I am trying to see how hard will it be to not let them. I only know the basics of user creation through GUI.
I wont be running games by the way, but I want to have this knowledge of user accounts in linux as a linux security enthusiast. I just want to create a user account where only apps or packages will run with no root access or access to outside its home folder. Even installing apps or packages should not require root to install and must be installed in that home folder and not /usr/bin or /lib. Should be like sandbox environment. I have complete control of permisions and processes of the app. Dont say about flatpak or virtual machines, not talking about that here, just plain old linux.
Note that I am not doing this out of paronoia but as a security enthusiast. I have heard about firejail, SE linux, and WhonixOS but just scratched the surface of it.
How should I do this? I need some sources to read all about linux user accounts.
You're viewing a single thread.
First and foremost, you are outright dismissing Flatpak, which accomplishes all of your goals pretty much, with a vague desire to use "plain old Linux" instead of a proper motivation. You should really stop and ask yourself, WHY not Flatpak? What do you actually want, and why is Flatpak not the answer to that?
I point this out first because then in the next paragraph you mention some tools such as Firejail. Which is attempting to do more or less the same as flatpak, but in a more crude/less polished form. And neither Flatpak or Firejail are "plain linux", they're just fancy wrappers around a whole bunch of actual "Linux features", like namespaces, seccomp, cgroups, users, chroot, filesystem permissions, and other higher-level tools such as bubblewrap (in the case of flatpak).
So, do you want to learn the underlying primitives/underlying tooling? If so, start with users, filesystem permissions, and Linux namespaces and the other Linux features I've listed.
Or do you want to just deploy applications in a sandboxed environment? If so, use Flatpak/Firejail/Snap/Linux containers such as Podman or Docker, etc. Then manage permissions using Flatseal (in the case of flatpak), and you're done.
How should I do this? I need some sources to read all about linux user accounts.
You should stick with trusted sources such as TLDP, Redhat/Fedora docs, Archlinux Wiki, Gentoo Wiki, etc. For example, regarding users:
Thanks for response!
Well not every app is in flatpak. Like steam gives you a .deb to download and not a flatpak. Only for this reason I said "dont say about flatpak". I would definetly use flatpak where ever possible. I was simply asking for help in linux permsions and users in case I cant run app in flatpak. It isn't a vague desire for "plain old linux" but instead a desire for when flatpaks arent possible, I need to do the same for it with plain linux.
But now I understand that these tools I mentioned arent really plain linux like I thought. I should have asked the question properly Also I didnt know firejail was like flatpak though.
So I now understand what to ask exactly.
I want to learn underlying tools which apps like flatpak and firejail use. Mainly the user permssions and filesystem permissions. Dont want to learn the application themseleves but want to do myself what these applications do in behind the scenes.
Thanks for the sources though!